XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

We present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain a knowledge about the application behavior. Based on this understanding, inputs are generated using genetic algo...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Duchene, F., Groz, R., Rawat, S., Richier, J.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Black-Box Security Testing
Computer Science
Conferences
Genetic Algorithm
Genetic algorithms
Grammar
HTML
Model Based Fuzzing
Model Inference
Production
Security
Software Engineering
Test Automation
Testing
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:We present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain a knowledge about the application behavior. Based on this understanding, inputs are generated using genetic algorithm (GA). GA uses the learned formal model to automatically generate inputs with better fitness values towards triggering an instance of the given vulnerability.
ISSN:2159-4848
2771-3091
DOI:10.1109/ICST.2012.181