{"title":"JSEFuzz: Java Web应用程序漏洞检测方法","authors":"Hongpeng Man, Jing An, Wei Huang, Wenqing Fan","doi":"10.1109/ICSRS.2018.8688844","DOIUrl":null,"url":null,"abstract":"Modularity is an important feature of Java Web applications nowadays, which challenges traditional program analytical techniques. Symbolic execution and Fuzzing, as two promising methods, both have some defects. On one hand, fuzzing is difficult to detect the branch with harsh path conditions; on the other hand, symbolic execution makes it difficult to symbolize complex inputs in a modular context. To improve these defects, we have designed JSEFuzz, a vulnerability detection method for Java Web applications. JSEFuzz combines the methods of fuzzing and symbolic execution: using fuzzing to find module-level vulnerability triggering conditions and corresponding input data, using symbolic execution to transform module-level input data, and verifying vulnerability triggerability at the program level, which is proved feasibility through experiments.","PeriodicalId":166131,"journal":{"name":"2018 3rd International Conference on System Reliability and Safety (ICSRS)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"JSEFuzz: Vulnerability Detection Method for Java Web Application\",\"authors\":\"Hongpeng Man, Jing An, Wei Huang, Wenqing Fan\",\"doi\":\"10.1109/ICSRS.2018.8688844\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modularity is an important feature of Java Web applications nowadays, which challenges traditional program analytical techniques. Symbolic execution and Fuzzing, as two promising methods, both have some defects. On one hand, fuzzing is difficult to detect the branch with harsh path conditions; on the other hand, symbolic execution makes it difficult to symbolize complex inputs in a modular context. To improve these defects, we have designed JSEFuzz, a vulnerability detection method for Java Web applications. JSEFuzz combines the methods of fuzzing and symbolic execution: using fuzzing to find module-level vulnerability triggering conditions and corresponding input data, using symbolic execution to transform module-level input data, and verifying vulnerability triggerability at the program level, which is proved feasibility through experiments.\",\"PeriodicalId\":166131,\"journal\":{\"name\":\"2018 3rd International Conference on System Reliability and Safety (ICSRS)\",\"volume\":\"62 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 3rd International Conference on System Reliability and Safety (ICSRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSRS.2018.8688844\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 3rd International Conference on System Reliability and Safety (ICSRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSRS.2018.8688844","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
JSEFuzz: Vulnerability Detection Method for Java Web Application
Modularity is an important feature of Java Web applications nowadays, which challenges traditional program analytical techniques. Symbolic execution and Fuzzing, as two promising methods, both have some defects. On one hand, fuzzing is difficult to detect the branch with harsh path conditions; on the other hand, symbolic execution makes it difficult to symbolize complex inputs in a modular context. To improve these defects, we have designed JSEFuzz, a vulnerability detection method for Java Web applications. JSEFuzz combines the methods of fuzzing and symbolic execution: using fuzzing to find module-level vulnerability triggering conditions and corresponding input data, using symbolic execution to transform module-level input data, and verifying vulnerability triggerability at the program level, which is proved feasibility through experiments.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
