{"title":"Web application fuzz testing","authors":"Ivan Andrianto, M. Liem, Y. Asnar","doi":"10.1109/ICODSE.2017.8285893","DOIUrl":null,"url":null,"abstract":"Security is very important aspect of a web application. Therefore security testing is needed to find vulnerabilities on web applications. One of security testing technique is fuzz testing. Fuzz testing or fuzzing is a software testing technique done by giving a set of invalid inputs to the application under test. Fuzz testing is usually done by a tool. In fuzz testing for web application, a set of HTTP requests will be sent to the application under test in order to see how the application behaves when getting various inputs. It would be better if fuzz testing for web application can run automatically on certain conditions. In this research, we develop a platform and tools for web application fuzz testing automation that can be integrated to Jenkins. The tool has been tested on web applications with known vulnerabilities. In 13 of the 15 test cases, the tool can successfully found the presence of vulnerabilities. Based on the results, most vulnerabilities can be detected based on HTTP response content.","PeriodicalId":366005,"journal":{"name":"2017 International Conference on Data and Software Engineering (ICoDSE)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Data and Software Engineering (ICoDSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICODSE.2017.8285893","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Security is very important aspect of a web application. Therefore security testing is needed to find vulnerabilities on web applications. One of security testing technique is fuzz testing. Fuzz testing or fuzzing is a software testing technique done by giving a set of invalid inputs to the application under test. Fuzz testing is usually done by a tool. In fuzz testing for web application, a set of HTTP requests will be sent to the application under test in order to see how the application behaves when getting various inputs. It would be better if fuzz testing for web application can run automatically on certain conditions. In this research, we develop a platform and tools for web application fuzz testing automation that can be integrated to Jenkins. The tool has been tested on web applications with known vulnerabilities. In 13 of the 15 test cases, the tool can successfully found the presence of vulnerabilities. Based on the results, most vulnerabilities can be detected based on HTTP response content.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
