An Heuristic Method for Web-Service Program Security Testing

Abstract

The security of the web-service program is a very significant facet in the grid computing environment. A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. How to efficiently reduce the fuzzing data scale with the assurance of high fuzzing veracity and vulnerability coverage is a very important issue for its effective practice. In this paper, aimed at the web-service program, a new heuristic method for fuzzing data generation named as H-Fuzzing is be presented, which has high program executing path coverage with the information from the static analysis and dynamic property of the program. The main thought of H-Fuzzing is collecting the information of the key branch predications and building its relations with the input variables in order to supervise the dimension reducing of the fuzzing data aggregation.