An Heuristic Method for Web-Service Program Security Testing

Gang Zhao, Weimin Zheng, Jinjing Zhao, Hua Chen
{"title":"An Heuristic Method for Web-Service Program Security Testing","authors":"Gang Zhao, Weimin Zheng, Jinjing Zhao, Hua Chen","doi":"10.1109/ChinaGrid.2009.10","DOIUrl":null,"url":null,"abstract":"The security of the web-service program is a very significant facet in the grid computing environment. A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. How to efficiently reduce the fuzzing data scale with the assurance of high fuzzing veracity and vulnerability coverage is a very important issue for its effective practice. In this paper, aimed at the web-service program, a new heuristic method for fuzzing data generation named as H-Fuzzing is be presented, which has high program executing path coverage with the information from the static analysis and dynamic property of the program. The main thought of H-Fuzzing is collecting the information of the key branch predications and building its relations with the input variables in order to supervise the dimension reducing of the fuzzing data aggregation.","PeriodicalId":212445,"journal":{"name":"2009 Fourth ChinaGrid Annual Conference","volume":"96 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Fourth ChinaGrid Annual Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ChinaGrid.2009.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 5

Abstract

The security of the web-service program is a very significant facet of the grid computing environment. A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. How to efficiently reduce the scale of the fuzzing data while assuring high fuzzing veracity and vulnerability coverage is a very important issue for its effective practice. In this paper, aimed at the web-service program, a new heuristic method for fuzzing data generation named H-Fuzzing is presented, which achieves high program execution path coverage using information from the static analysis and the dynamic properties of the program. The main idea of H-Fuzzing is to collect information about the key branch predications and build their relations with the input variables, in order to guide the dimension reduction of the fuzzing data aggregation.