
Detection of Web Vulnerabilities via Model Inference assisted Evolutionary Fuzzing

Abstract: Testing is a viable approach for detecting implementation bugs that have a security impact, a.k.a. vulnerabilities. When the source code is not available, black-box testing techniques are necessary. We address the problem of automatically detecting a certain class of vulnerabilities (Cross-Site Scripting, a.k.a. XSS) in web applications in a black-box test context. We propose an approach for inferring models of web applications and fuzzing from such models and an attack grammar. We infer control-plus-taint flow automata, from which we produce slices that narrow the fuzzing search space. Genetic algorithms are then used to schedule the malicious inputs that are sent to the application. We incorporate a test verdict by performing a double taint inference on the browser parse tree and combining it with taint-aware vulnerability patterns. Our implementations, LigRE and KameleonFuzz, outperform current open-source black-box scanners. We discovered 0-day XSS (i.e., previously unknown vulnerabilities) in web applications used by millions of users.
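The verdict step of the abstract, taint inference on the parse tree of the response combined with taint-aware vulnerability patterns, is the part most easily shown in code. The following is an added illustration written for this page; it is not code from the thesis, LigRE or KameleonFuzz. It assumes a constructed in-process "web application" (two functions returning HTML, one reflecting input unescaped and one escaping it), a small constructed attack grammar whose templates embed a unique taint marker, and Python's html.parser as a stand-in for the browser parse tree (real browsers' error recovery differs, which is why the thesis uses the browser itself). The model inference and genetic scheduling described in the abstract are not shown.

```python
# Added example: a taint-aware XSS test verdict in the spirit of the abstract.
# Illustrative code written for this page, not LigRE or KameleonFuzz.
# Assumptions: the "web application" is a constructed in-process function that
# returns HTML, and Python's html.parser stands in for the browser parse tree.
import html
import secrets
from html.parser import HTMLParser

# Constructed attack grammar: each template embeds a unique taint marker {m}.
# Keys hint at the reflection context each payload is meant to break out of.
ATTACK_GRAMMAR = {
    "text": ["<script>alert({m})</script>", "<img src=x onerror=alert({m})>"],
    "attr": ['" onmouseover="alert({m})', "' autofocus onfocus='alert({m})"],
}


def vulnerable_page(q):
    """Constructed toy app: reflects q unescaped in a text node and an attribute."""
    return (f"<html><body><p>Results for {q}</p>"
            f'<input type="text" value="{q}"></body></html>')


def hardened_page(q):
    """Same page with HTML escaping that also covers quotes."""
    s = html.escape(q, quote=True)
    return (f"<html><body><p>Results for {s}</p>"
            f'<input type="text" value="{s}"></body></html>')


class TaintTracker(HTMLParser):
    """Taint inference on the parse tree: records every node kind the marker lands in."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.hits = []          # (node_kind, detail)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if self.marker in tag:
            self.hits.append(("tag_name", tag))
        for name, value in attrs:
            if self.marker in name:
                self.hits.append(("attr_name", name))
            if value is not None and self.marker in value:
                self.hits.append(("attr_value", name))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # html.parser delivers <script> bodies through handle_data as raw text.
        if self.marker in data:
            self.hits.append(("script_body" if self._in_script else "text", data))


def xss_verdict(marker, response_html):
    """Taint-aware vulnerability patterns: taint inside a text node or an ordinary
    quoted attribute value is harmless; taint that reached a tag name, an
    attribute name, an event-handler value or script code is reported."""
    tracker = TaintTracker(marker)
    tracker.feed(response_html)
    tracker.close()
    reasons = []
    for kind, detail in tracker.hits:
        if kind == "tag_name":
            reasons.append("taint reached tag name " + detail)
        elif kind == "attr_name":
            reasons.append("taint reached attribute name " + detail)
        elif kind == "attr_value" and detail.startswith("on"):
            reasons.append("taint reached event handler attribute " + detail)
        elif kind == "script_body":
            reasons.append("taint reached script code")
    return reasons


def fuzz(page_fn):
    """Send every grammar payload with a fresh marker; map template -> verdict reasons."""
    results = {}
    for templates in ATTACK_GRAMMAR.values():
        for template in templates:
            marker = "tnt" + secrets.token_hex(4)   # unique, so reflections are attributable
            results[template] = xss_verdict(marker, page_fn(template.format(m=marker)))
    return results


if __name__ == "__main__":
    for name, page in (("vulnerable", vulnerable_page), ("hardened", hardened_page)):
        for template, reasons in fuzz(page).items():
            print(f"{name:10} {template!r:40} -> {reasons or 'no XSS'}")
```

The point the example makes is that the verdict depends on where the taint lands in the parse tree, not on whether the payload string comes back: the hardened page reflects every payload byte-for-byte after entity decoding, yet all of them end up in a text node or inside one quoted attribute value and are judged harmless, while on the vulnerable page only the payloads that actually break out of their context (a script element in the text node, an event-handler attribute in the input tag) are reported. A string-matching scanner would flag both pages. The reasons list is also the kind of feedback a fitness function for evolutionary scheduling could consume, though that part is not implemented here.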

Contributor: Catherine Oriat
Submitted on: Monday, January 12, 2015 - 3:20:29 PM
Last modification on: Wednesday, July 6, 2022 - 4:24:01 AM
Long-term archiving on: Saturday, April 15, 2017 - 4:16:18 PM


  • HAL Id: tel-01102325, version 1



Fabien Duchene. Detection of Web Vulnerabilities via Model Inference assisted Evolutionary Fuzzing. Computation and Language [cs.CL]. Grenoble University, 2014. English. ⟨NNT : ⟩. ⟨tel-01102325⟩


