BIBLIOS

  Bibliographic Reference Management System of Ciências


Reference Details

Type
Conference Papers

Document Type
Full Paper

Title
Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing

Publication Participants
João Caseirito (Author)
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA
LASIGE
Ibéria Medeiros (Author)
Dep. Informática
LASIGE

Abstract
The vast majority of online services we use nowadays provide their web application to the users. The correctness of the source code of these applications is crucial to prevent attackers from exploiting its vulnerabilities, leading to severe consequences like the disclosure of sensitive information or the degradation of the availability of the application. Currently, multiple existing solutions analyse and detect vulnerabilities in the source code. Attackers, however, do not usually have access to the source code and must work with the information that is made public. Their goals are clear – exploit vulnerabilities without accessing the code –, and they resort to black-box fuzzing tools to achieve this. In this paper, we propose an ensemble fuzzing approach to check the correctness of the web applications from the point of view of an attacker and, in a posterior phase, analyse the source code to correlate with the collected information. The approach focuses first on the quality of fuzzers’ crawlers and afterwards on fuzzers’ capabilities of exploiting the results of all crawlers between them, in order to provide better coverage and precision in the detection of web vulnerabilities. Our preliminary results show that the ensemble performs better than fuzzers individually.

Publication Date
2021

Institution
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA

Event
Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering

Publication Identifiers

Location
Online Streaming

Publisher
SCITEPRESS - Science and Technology Publications

Document Identifiers
DOI - https://doi.org/10.5220/0010484904050412
URL - http://dx.doi.org/10.5220/0010484904050412

Quality Identifiers
CORE B (2020) -

Keywords
Fuzzing Web Applications Vulnerability Discovery


Export reference

APA
João Caseirito, Ibéria Medeiros, (2021). Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing. Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering, -

IEEE
João Caseirito, Ibéria Medeiros, "Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing" in Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering, Online Streaming, 2021, pp. -, doi: 10.5220/0010484904050412

BIBTEX
@InProceedings{51168,
  author = {João Caseirito and Ibéria Medeiros},
  title = {Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing},
  booktitle = {Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering},
  year = 2021,
  pages = {-},
  address = {Online Streaming},
  publisher = {SCITEPRESS - Science and Technology Publications}
}