For Libraries For Publication Open Access Downloads About Us Contact Us
Paper Titles
Strain Measurement in Two-Dimension Stresses Based on Polymer-Matrix Carbon Fiber Smart Stripes
p.480
A Real-Time Campus Guidance System Based on Energy Efficient Location Determination Method
p.485
Finite Element Realization of Shape Memory Alloy Material Constitutive Model
p.490
Simulation Research for Self-Energizing Leveling Systems
p.494
Research on Fuzzing Test Data Engine for Web Vulnerability
p.500
Research on Deep Plowing for Compacted Soil Based on SPH
p.505
Fault Diagnosis of Bearings Based on Time-Delayed Correlation Demodulation and Fuzzy Clustering
p.510
Swing-Up Control by BVP Arithmetic for the Rotational Inverted Pendulum
p.515
New Open Loop Control Improves Linearity of Piezoelectric Actuators
p.520

Research on Fuzzing Test Data Engine for Web Vulnerability

Article Preview

Abstract:

With the rapid growth of e-commerce, various types of complex applications appear in web environments. web-based system testing is different from traditional software testing. The unpredictability of Internet and web systems makes it difficult to test web-based system. This paper presents an engine for Fuzzing test data towards web control vulnerabilities, and introduces "heuristic rules" and "tagged words" to generate the test data. This method can increase the intelligence of security testing and build the foundation of web vulnerability detection model.

You might also be interested in these eBooks
Mechatronics and Intelligent Materials View Preview

Info:

Periodical:

Advanced Materials Research (Volumes 211-212)

Pages:

500-504

DOI:

https://doi.org/10.4028/www.scientific.net/AMR.211-212.500

Citation:

Cite this paper

Online since:

February 2011

Authors:

Quan Long Guan, Guo Xiang Yao, Kai Bin Ni, Mei Xiu Zhou

Keywords:

Fuzzing Test, Heuristic Rules, Security Testing, Test Data Engine

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

© 2011 Trans Tech Publications Ltd. All Rights Reserved

Share:

Citation:

References

[1] T. Leek, G. Baker, R. Brown, M. Zhivich, and R. Lippmann. Coverage maximization using dynamictaint tracing. Technical Report TR-1112, MIT Lincoln Laboratory, (2007).

Google Scholar

[2] P. Godefroid. Compositional Dynamic Test Generation. The 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2007, pp.47-54.

DOI: 10.1145/1190216.1190226

Google Scholar

[3] C. Cadar, V. Ganesh, P. Pawlowski, D. Dill, and D. Engler. EXE: automatically generating inputs of death. Proceedings of the ACM Conference on Computer and Communications Security, 2006, pp.322-335.

DOI: 10.1145/1180405.1180445

Google Scholar

[4] R. Majumdar and K. Sen. LATEST: Lazy dynamic test input generation. Technical Report UCB/EECS-2007-36, EECS Department, University of California, Berkeley, (2007).

Google Scholar

[5] P. Boonstoppel, C. Cadar, and D. R. Engler. Rwset: Attacking path explosion in constraint-based test generation. Tools and Algorithms for the Construction and Analysis of Systems, 2008, P. 351–366.

DOI: 10.1007/978-3-540-78800-3_27

Google Scholar

[6] C. Pacheco, S. K. Lahiri, M. D. Ernst, and T. Ball. Feedback-directed random test generation. 29th International Conference on Software Engineering, 2007. pp.75-84.

DOI: 10.1109/icse.2007.37

Google Scholar

[7] Guan Quan-long, Ye Saizhi,Yao Guo-xiang. Research and design of internet public opinion analysis system,IITA International Conference on Services Science, Management and Engineering, 2009, pp.173-177.

DOI: 10.1109/ssme.2009.62

Google Scholar

[8] Dai HN, Murphy C and Kaiser G. Configuration fuzzing for software vulnerability detection. 5th International Conference on Availability, Reliability, and Security, 2010, pp.525-530.

DOI: 10.1109/ares.2010.22

Google Scholar

[9] Kim, Hyoungchun; Choi, Younghan; Lee, Dohoon; Lee, Donghoon. Practical security testing using file fuzzing. 10th International Conference on Advanced Communication Technology, - Proceedings, Vol 2(2008), pp.1304-1307.

DOI: 10.1109/icact.2008.4494003

Google Scholar

[10] Oehlert, Peter. Violating assumptions with fuzzing. IEEE Security and Privacy, v 3, n 2, pp.58-62, March/April (2005).

DOI: 10.1109/msp.2005.55

Google Scholar

[11] Liu, Qixu, Zhang, Yuqing. TFTP vulnerability finding technique based on fuzzing. Computer Communications, v 31, n 14, pp.3420-3426, September 5, (2008).

DOI: 10.1016/j.comcom.2008.05.041

Google Scholar

[12] Zhang, Xiao-Song, Shao, Lin, Zheng, Jiong. A novel method of software vulnerability detection based on fuzzing technique. International Conference on Apperceiving Computing and Intelligence Analysis, 2008, pp.270-273.

DOI: 10.1109/icacia.2008.4770021

Google Scholar

[13] Antunes, João, Neves, Nuno; Correia, Miguel; Verissimo, Paulo; Neves, Rui. Vulnerability discovery with attack injection. IEEE Transactions on Software Engineering, Vol 36(2010), pp.357-370.

DOI: 10.1109/tse.2009.91

Google Scholar

[14] Neves, Nuno; Antunes, João; Correia, Miguel; Veríssimo, Paulo; Neves, Rui. Using attack injection to discover new vulnerabilities . International Conference on Dependable Systems and Networks, v 2006(2006), pp.457-466.

DOI: 10.1109/dsn.2006.72

Google Scholar

[15] Yao, Guo-Xiang, Guan, Quan-Long, et al. Research and implementation of next generation network intrusion detection system based on protocol analysis, ISECS International Colloquium on Computing, Communication, Control, and Management, Vol 2(2008).

DOI: 10.1109/cccm.2008.30

Google Scholar

© 2025 Trans Tech Publications Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies. For open access content, terms of the Creative Commons licensing CC-BY are applied.
Scientific.Net is a registered trademark of Trans Tech Publications Ltd.