XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

Authors:
Fabien Duchene;Roland Groz;Sanjay Rawat;Jean-Luc Richier
Affiliations:
-;-;-;-
Venue:
ICST '12 Proceedings of the 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation
Year:
2012

Citing 0
Cited 2

Algorithmic improvements on regular inference of software models and perspectives for security testing

ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
KameleonFuzz: evolutionary fuzzing for black-box XSS detection

Proceedings of the 4th ACM conference on Data and application security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain a knowledge about the application behavior. Based on this understanding, inputs are generated using genetic algorithm (GA). GA uses the learned formal model to automatically generate inputs with better fitness values towards triggering an instance of the given vulnerability.