LigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection

Abstract: Fuzz testing consists of automatically generating and sending malicious inputs to an application in order to hopefully trigger a vulnerability. To be efficient, the fuzzing should answer questions such as: Where to send a malicious value? Where to observe its effects? How to position the system in such states? Answering such questions is a matter of understanding the application precisely enough. Reverse engineering is a possible way to gain this knowledge, especially in a black-box harness. In fact, given the complexity of modern web applications, automated black-box scanners alternately reverse-engineer and fuzz web applications to detect vulnerabilities. We present an approach, named LigRE, which improves the reverse engineering to guide the fuzzing. We adapt a method to automatically learn a control flow model of web applications, and annotate this model with inferred data flows. Afterwards, we generate slices of the model for guiding the scope of a fuzzer. Empirical experiments show that LigRE increases detection capabilities of Cross Site Scripting (XSS), a particular case of web command injection vulnerabilities.
Document type:
Conference paper
Working Conference in Reverse Engineering (WCRE 2013), 2013, Koblenz-Landau, Germany. IEEE, 20, pp.252-261, 2013

https://hal.inria.fr/hal-00974762
Contributor: Catherine Oriat
Submitted on: Monday 7 April 2014 - 14:16:17
Last modified on: Thursday 11 January 2018 - 06:22:07

Identifiers

  • HAL Id: hal-00974762, version 1

Citation

Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz. LigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection. Working Conference in Reverse Engineering (WCRE 2013), 2013, Koblenz-Landau, Germany. IEEE, 20, pp.252-261, 2013. 〈hal-00974762〉
