Conference papers

BlackBox Web Vulnerability Detection with Model Inference assisted Evolutionary Fuzzing

Fabien Duchene 1
1 VASCO - Validation de Systèmes, Composants et Objets logiciels
LIG - Laboratoire d'Informatique de Grenoble
Abstract : Fuzzing (aka Fuzz-Testing) consists in testing a system by sending boundary values and observing if a property is violated. Traditional undirected fuzzing techniques lack knowledge of the behavior of the tested system. This limits their ability to generate inputs, and to achieve high coverage. We propose a combination of model inference and evolutionary fuzzing. The former reverse-engineers an application's behavior, and the latter evolves malicious inputs for detecting vulnerabilities. We specifically target Cross Site Scripting (XSS), a particular case of command injection in web applications.
Document type :
Conference papers

https://hal.inria.fr/hal-00853724
Contributor : Roland Groz
Submitted on : Friday, August 23, 2013 - 6:52:25 PM
Last modification on : Tuesday, December 8, 2020 - 10:18:09 AM

Identifiers

  • HAL Id : hal-00853724, version 1

Citation

Fabien Duchene. BlackBox Web Vulnerability Detection with Model Inference assisted Evolutionary Fuzzing. SysSec 2013 - 2nd Workshop on System Security research, Jul 2013, Bochum, Germany. ⟨hal-00853724⟩
