
Detection of Web Vulnerabilities via Model Inference assisted Evolutionary Fuzzing

Abstract: Testing is a viable approach for detecting implementation bugs that have a security impact, a.k.a. vulnerabilities. When the source code is not available, black-box testing techniques must be used. We address the problem of automatically detecting a certain class of vulnerabilities (Cross Site Scripting, a.k.a. XSS) in web applications in a black-box test context. We propose an approach for inferring models of web applications and fuzzing from such models together with an attack grammar. We infer control-plus-taint-flow automata, from which we produce slices that narrow the fuzzing search space. Genetic algorithms are then used to schedule the malicious inputs sent to the application. We obtain a test verdict by performing a double taint inference on the browser parse tree and combining it with taint-aware vulnerability patterns. Our implementations, LigRE and KameleonFuzz, outperform current open-source black-box scanners. We discovered 0-day XSS (i.e., previously unknown vulnerabilities) in web applications used by millions of users.
Document type: Theses

Cited literature: 40 references

https://hal.archives-ouvertes.fr/tel-01102325
Contributor: Catherine Oriat
Submitted on: Monday, January 12, 2015 - 3:20:29 PM
Last modification on: Thursday, November 19, 2020 - 12:59:57 PM
Long-term archiving on: Saturday, April 15, 2017 - 4:16:18 PM

Identifiers

  • HAL Id: tel-01102325, version 1

Collections

CNRS | LIG | UGA

Citation

Fabien Duchene. Detection of Web Vulnerabilities via Model Inference assisted Evolutionary Fuzzing. Computation and Language [cs.CL]. Grenoble University, 2014. English. ⟨tel-01102325⟩

Metrics

Record views: 710
Files downloads: 7420