Abstract
Web applications are increasingly important tools in our modern daily lives, such as in education, business transac-tions, and social media. Because of their prevalence, they are becoming more susceptible to different types of attacks that exploit security vulnerabilities. Exploiting these vulnerabilities may cause damage to the web applications as well as the end-users. Thus, web apps’ developers should identify vulnerabilities and fix them before an attacker exploits them. Using black-box fuzzing techniques for vulnerability identification is very popular during the web apps’ development life cycle. These techniques pledge to find vulnerabilities in web applications by constructing attacks without accessing their source codes. This survey explores the research that has been done in the black-box vulnerability finding and exploits construction in web applications and proposes future directions.
Highlights
Web applications are significant components in various fields: commercial, banking, entertainment, education, healthcare, and social networking
The security of web applications is of paramount concern
The white-box testing is based on examining the source code and the behavior of a web application to find security vulnerabilities
Summary
Web applications are significant components in various fields: commercial, banking, entertainment, education, healthcare, and social networking. The white-box testing is based on examining the source code and the behavior of a web application to find security vulnerabilities Several studies utilized this technique to identify critical vulnerabilities in web applications such as [3], [4], [5], [6], [7], [8], and [9]. Compared with white-box, the major benefit of using black-box fuzzing is that it is fast and efficient, and it can find security bugs in any web application, regardless of its implementation details This technique applies to a wide range of web applications. As a result of the pressing need to protect web applications without accessing the source code, a significant research effort has been geared towards developing many techniques for detecting web applications using the black-box fuzzing approach.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Advanced Computer Science and Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
