DocumentCode
2089715
Title
XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing
Author
Duchene, Fabien ; Groz, Roland ; Rawat, Sanjay ; Richier, Jean-Luc
Author_Institution
Lab. d´´Inf. de Grenoble, UJF-Grenoble 1, Grenoble, France
fYear
2012
fDate
17-21 April 2012
Firstpage
815
Lastpage
817
Abstract
We present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain a knowledge about the application behavior. Based on this understanding, inputs are generated using genetic algorithm (GA). GA uses the learned formal model to automatically generate inputs with better fitness values towards triggering an instance of the given vulnerability.
Keywords
Internet; fuzzy set theory; genetic algorithms; program testing; security of data; Web injection vulnerability detection; application behavior; cross site scripting vulnerability detection; genetic algorithm; model inference assisted evolutionary fuzzing; test input generation; Conferences; Genetic algorithms; Grammar; HTML; Production; Security; Testing; Black-Box Security Testing; Genetic Algorithm; Model Based Fuzzing; Model Inference; Test Automation;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Testing, Verification and Validation (ICST), 2012 IEEE Fifth International Conference on
Conference_Location
Montreal, QC
Print_ISBN
978-1-4577-1906-6
Type
conf
DOI
10.1109/ICST.2012.181
Filename
6200193
Link To Document