FuzzingTool: Tool for Intrusion Testing in Web Applications
Abstract
Every day, Web applications are used for more complex activities in order to meet market demands. As their use grows and their technologies advance, information security requires greater attention. To that end, this article presents FuzzingTool, a tool developed for intrusion testing in Web applications. The tool uses the fuzzing technique to find flaws in these applications, with very promising results in tests, e.g., identifying several potentially unsafe auxiliary sites from a main domain.
Keywords:
Intrusion Test, Web Applications, Fuzzing
Published
2021-10-04
How to Cite
BORGES, Vitor O. C. N.; UCHÔA, Joaquim Q. FuzzingTool: Tool for Intrusion Testing in Web Applications. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 391-396. DOI: https://doi.org/10.5753/sbseg.2021.17331.
