Research and implementation of fuzzing testing based on HTTP proxy
Most of the security testing tools lack of optimization of testing,configured strategy and intelligent analysis of testing results.These problems lead to the status that these tools can’t be used in Web application testing well.A fuzzing testing method towards Web application security based on HTTP...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2016-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2016.00022 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530382347927552 |
|---|---|
| author | Xin SUN Yi-yang YAO Xin-dai LU Xue-jiao LIU Yong-han WU |
| author_facet | Xin SUN Yi-yang YAO Xin-dai LU Xue-jiao LIU Yong-han WU |
| author_sort | Xin SUN |
| collection | DOAJ |
| description | Most of the security testing tools lack of optimization of testing,configured strategy and intelligent analysis of testing results.These problems lead to the status that these tools can’t be used in Web application testing well.A fuzzing testing method towards Web application security based on HTTP proxy was proposed.The high-performance communication between HTTP proxy server and browser through the mechanism of asynchronous monitoring was realized.Configured strategy of testing cases based on pseudo code could help to do flexible and automatic tests.By using multi-dimensional ways to parse the packet,intelligent analysis of testing results was achieved.Experiments show that the tool supports mainstream Web application vulnerabilities detection and configured strategy of testing.It can detect the vulnerabilities such as directory traversal,SQL injection,cross-site scripting. |
| format | Article |
| id | doaj-art-84a03a3a88b04a69a99feb1781c02956 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2016-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-84a03a3a88b04a69a99feb1781c029562025-01-15T03:04:23ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2016-02-012758659543980Research and implementation of fuzzing testing based on HTTP proxyXin SUNYi-yang YAOXin-dai LUXue-jiao LIUYong-han WUMost of the security testing tools lack of optimization of testing,configured strategy and intelligent analysis of testing results.These problems lead to the status that these tools can’t be used in Web application testing well.A fuzzing testing method towards Web application security based on HTTP proxy was proposed.The high-performance communication between HTTP proxy server and browser through the mechanism of asynchronous monitoring was realized.Configured strategy of testing cases based on pseudo code could help to do flexible and automatic tests.By using multi-dimensional ways to parse the packet,intelligent analysis of testing results was achieved.Experiments show that the tool supports mainstream Web application vulnerabilities detection and configured strategy of testing.It can detect the vulnerabilities such as directory traversal,SQL injection,cross-site scripting.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2016.00022fuzzingHTTPproxyWeb applicationsecurity vulnerabilitystrategy |
| spellingShingle | Xin SUN Yi-yang YAO Xin-dai LU Xue-jiao LIU Yong-han WU Research and implementation of fuzzing testing based on HTTP proxy 网络与信息安全学报 fuzzing HTTP proxy Web application security vulnerability strategy |
| title | Research and implementation of fuzzing testing based on HTTP proxy |
| title_full | Research and implementation of fuzzing testing based on HTTP proxy |
| title_fullStr | Research and implementation of fuzzing testing based on HTTP proxy |
| title_full_unstemmed | Research and implementation of fuzzing testing based on HTTP proxy |
| title_short | Research and implementation of fuzzing testing based on HTTP proxy |
| title_sort | research and implementation of fuzzing testing based on http proxy |
| topic | fuzzing HTTP proxy Web application security vulnerability strategy |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2016.00022 |
| work_keys_str_mv | AT xinsun researchandimplementationoffuzzingtestingbasedonhttpproxy AT yiyangyao researchandimplementationoffuzzingtestingbasedonhttpproxy AT xindailu researchandimplementationoffuzzingtestingbasedonhttpproxy AT xuejiaoliu researchandimplementationoffuzzingtestingbasedonhttpproxy AT yonghanwu researchandimplementationoffuzzingtestingbasedonhttpproxy |