Research and implementation of fuzzing testing based on HTTP proxy

Bibliographic Details
Published in 网络与信息安全学报 Vol. 2; no. 2; pp. 75-86
Main Authors Xin SUN, Xin-dai LU, Yi-yang YAO, Xue-jiao LIU, Yong-han WU
Format Journal Article
Language English
Published POSTS&TELECOM PRESS Co., LTD 01.02.2016
Summary: Most security testing tools lack test optimization, configurable strategies, and intelligent analysis of test results. As a result, these tools cannot be used effectively for Web application testing. A fuzzing method for Web application security based on an HTTP proxy was proposed. High-performance communication between the HTTP proxy server and the browser was realized through an asynchronous monitoring mechanism. A configurable test-case strategy based on pseudo code enables flexible and automated testing. Intelligent analysis of test results was achieved by parsing packets in multiple dimensions. Experiments show that the tool supports detection of mainstream Web application vulnerabilities and configurable testing strategies. It can detect vulnerabilities such as directory traversal, SQL injection, and cross-site scripting.
ISSN:2096-109X
DOI:10.11959/j.issn.2096-109x.2016.00022