{"title":"An Heuristic Method for Web-Service Program Security Testing","authors":"Gang Zhao, Weimin Zheng, Jinjing Zhao, Hua Chen","doi":"10.1109/ChinaGrid.2009.10","DOIUrl":null,"url":null,"abstract":"The security of the web-service program is a very significant facet in the grid computing environment. A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. How to efficiently reduce the fuzzing data scale with the assurance of high fuzzing veracity and vulnerability coverage is a very important issue for its effective practice. In this paper, aimed at the web-service program, a new heuristic method for fuzzing data generation named as H-Fuzzing is presented, which has high program executing path coverage with the information from the static analysis and dynamic property of the program. The main thought of H-Fuzzing is collecting the information of the key branch predications and building its relations with the input variables in order to supervise the dimension reducing of the fuzzing data aggregation.","PeriodicalId":212445,"journal":{"name":"2009 Fourth ChinaGrid Annual Conference","volume":"96 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Fourth ChinaGrid Annual Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ChinaGrid.2009.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Heuristic Method for Web-Service Program Security Testing
The security of the web-service program is a very significant facet in the grid computing environment. A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. How to efficiently reduce the fuzzing data scale with the assurance of high fuzzing veracity and vulnerability coverage is a very important issue for its effective practice. In this paper, aimed at the web-service program, a new heuristic method for fuzzing data generation named as H-Fuzzing is presented, which has high program executing path coverage with the information from the static analysis and dynamic property of the program. The main thought of H-Fuzzing is collecting the information of the key branch predications and building its relations with the input variables in order to supervise the dimension reducing of the fuzzing data aggregation.