Fuzz testing consists of automatically generating malicious inputs and sending them to an application in the hope of triggering a vulnerability. Fuzzing raises questions such as: Where to fuzz? Which parameter to fuzz? Where to observe its effects? In this paper we specifically address two of them: How to fuzz a parameter? How to observe its effects? To answer them we propose KameleonFuzz, a black-box Cross-Site Scripting (XSS) fuzzer for web applications. KameleonFuzz not only generates malicious inputs to exploit XSS, but also measures how close an input is to revealing a vulnerability. Malicious inputs are generated and evolved by a genetic algorithm guided by an attack grammar. A double taint inference, carried up to the browser's parse tree, detects precisely whether an exploitation attempt succeeded. Our evaluation shows no false positives and a high XSS-revealing capability: KameleonFuzz detects several vulnerabilities missed by other black-box scanners.