BIBLIOS

   Ciências References Management System

Visitor Mode (Login)
Need help?


Back

Publication details

Document type
Conference papers

Document subtype
Full paper

Title
Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing

Participants in the publication
João Caseirito (Author)
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA
 LASIGE
 Ibéria Medeiros (Author)
Dep. Informática
 LASIGE
Summary
The vast majority of online services we use nowadays provide their web application to the users. The correctness of the source code of these applications is crucial to prevent attackers from exploiting its vulnerabilities, leading to severe consequences like the disclosure of sensitive information or the degradation of the availability of the application. Currently, multiple existent solutions analyse and detect vulnerabilities in the source code. Attackers, however, do not usually have access to the source code and must work with the information that is made public. Their goals are clear – exploit vulnerabilities without accessing the code –, and they resort of black-box fuzzing tools to achieve such. In this paper, we propose an ensemble fuzzing approach to check the correctness of the web applications from the point of view of an attacker and, in a posterior phase, analyse the source code to correlate with the collected information. The approach focuses first on the quality of fuzzers’ crawlers and afterwards on fuzzers capabilities of exploiting the results of all crawlers between them, in order to provide better coverage and precision in the detection of web vulnerabilities. Our preliminary results show that the ensemble performs better than fuzzers individually.

Date of Publication
2021

Institution
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA

Event
Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering

Publication Identifiers

Address
Online Streaming, --- Select a Country ---

Publisher
SCITEPRESS - Science and Technology Publications

Document Identifiers
DOI - https://doi.org/10.5220/0010484904050412
URL - http://dx.doi.org/10.5220/0010484904050412

Rankings
CORE B (2020) -

Keywords
Fuzzing Web Applications Vulnerability Discovery


Export

APA
João Caseirito, Ibéria Medeiros, (2021). Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing. Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering, -

IEEE
João Caseirito, Ibéria Medeiros, "Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing" in Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering, Online Streaming, --- Select a Country ---, 2021, pp. -, doi: 10.5220/0010484904050412

BIBTEX
@InProceedings{51168, author = {João Caseirito and Ibéria Medeiros}, title = {Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing}, booktitle = {Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering}, year = 2021, pages = {-}, address = {Online Streaming, --- Select a Country ---}, publisher = {SCITEPRESS - Science and Technology Publications} }