BlackBox Web Vulnerability Detection with Model Inference assisted Evolutionary Fuzzing

Fabien Duchene 1
1 VASCO
LIG - Laboratoire d'Informatique de Grenoble
Abstract: Fuzzing (aka Fuzz-Testing) consists in testing a system by sending boundary values and observing if a property is violated. Traditional undirected fuzzing techniques lack knowledge of the behavior of the tested system. This limits their ability to generate inputs, and to achieve high coverage. We propose a combination of model inference and evolutionary fuzzing. The former reverse-engineers an application's behavior, and the latter evolves malicious inputs for detecting vulnerabilities. We specifically target Cross Site Scripting (XSS), a particular case of command injection in web applications.
Document type:
Conference paper
Stefano Zanero. SysSec 2013 - 2nd Workshop on System Security research, Jul 2013, Bochum, Germany. 2013

https://hal.inria.fr/hal-00853724
Contributor: Roland Groz
Submitted on: Friday, 23 August 2013 - 18:52:25
Last modified on: Thursday, 11 October 2018 - 08:48:04

Identifiers

  • HAL Id : hal-00853724, version 1

Citation

Fabien Duchene. BlackBox Web Vulnerability Detection with Model Inference assisted Evolutionary Fuzzing. Stefano Zanero. SysSec 2013 - 2nd Workshop on System Security research, Jul 2013, Bochum, Germany. 2013. 〈hal-00853724〉
