Web应用程序模糊测试

Ivan Andrianto, M. Liem, Y. Asnar
{"title":"Web应用程序模糊测试","authors":"Ivan Andrianto, M. Liem, Y. Asnar","doi":"10.1109/ICODSE.2017.8285893","DOIUrl":null,"url":null,"abstract":"Security is very important aspect of a web application. Therefore security testing is needed to find vulnerabilities on web applications. One of security testing technique is fuzz testing. Fuzz testing or fuzzing is a software testing technique done by giving a set of invalid inputs to the application under test. Fuzz testing is usually done by a tool. In fuzz testing for web application, a set of HTTP requests will be sent to the application under test in order to see how the application behaves when getting various inputs. It would be better if fuzz testing for web application can run automatically on certain conditions. In this research, we develop a platform and tools for web application fuzz testing automation that can be integrated to Jenkins. The tool has been tested on web applications with known vulnerabilities. In 13 of the 15 test cases, the tool can successfully found the presence of vulnerabilities. Based on the results, most vulnerabilities can be detected based on HTTP response content.","PeriodicalId":366005,"journal":{"name":"2017 International Conference on Data and Software Engineering (ICoDSE)","volume":"79 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Web application fuzz testing\",\"authors\":\"Ivan Andrianto, M. Liem, Y. Asnar\",\"doi\":\"10.1109/ICODSE.2017.8285893\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security is very important aspect of a web application. Therefore security testing is needed to find vulnerabilities on web applications. One of security testing technique is fuzz testing. Fuzz testing or fuzzing is a software testing technique done by giving a set of invalid inputs to the application under test. Fuzz testing is usually done by a tool. In fuzz testing for web application, a set of HTTP requests will be sent to the application under test in order to see how the application behaves when getting various inputs. It would be better if fuzz testing for web application can run automatically on certain conditions. In this research, we develop a platform and tools for web application fuzz testing automation that can be integrated to Jenkins. The tool has been tested on web applications with known vulnerabilities. In 13 of the 15 test cases, the tool can successfully found the presence of vulnerabilities. Based on the results, most vulnerabilities can be detected based on HTTP response content.\",\"PeriodicalId\":366005,\"journal\":{\"name\":\"2017 International Conference on Data and Software Engineering (ICoDSE)\",\"volume\":\"79 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Data and Software Engineering (ICoDSE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICODSE.2017.8285893\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Data and Software Engineering (ICoDSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICODSE.2017.8285893","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

摘要

安全性是web应用程序的一个非常重要的方面。因此,需要进行安全测试来发现web应用程序上的漏洞。模糊测试是一种安全测试技术。模糊测试或模糊测试是一种软件测试技术,通过向被测应用程序提供一组无效输入来完成。模糊测试通常由工具完成。在web应用程序的模糊测试中,一组HTTP请求将被发送到被测应用程序,以查看应用程序在获得各种输入时的行为。如果web应用程序的模糊测试能够在特定条件下自动运行,那就更好了。在本研究中,我们开发了一个可以集成到Jenkins中的web应用程序模糊测试自动化平台和工具。该工具已在具有已知漏洞的web应用程序上进行了测试。在15个测试用例中的13个中,该工具可以成功地发现漏洞的存在。根据结果,大多数漏洞可以根据HTTP响应内容进行检测。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Web application fuzz testing
Security is very important aspect of a web application. Therefore security testing is needed to find vulnerabilities on web applications. One of security testing technique is fuzz testing. Fuzz testing or fuzzing is a software testing technique done by giving a set of invalid inputs to the application under test. Fuzz testing is usually done by a tool. In fuzz testing for web application, a set of HTTP requests will be sent to the application under test in order to see how the application behaves when getting various inputs. It would be better if fuzz testing for web application can run automatically on certain conditions. In this research, we develop a platform and tools for web application fuzz testing automation that can be integrated to Jenkins. The tool has been tested on web applications with known vulnerabilities. In 13 of the 15 test cases, the tool can successfully found the presence of vulnerabilities. Based on the results, most vulnerabilities can be detected based on HTTP response content.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信