Abstract

Web applications are increasingly important tools in modern daily life, in areas such as education, business transactions, and social media. Because of their prevalence, they are becoming more susceptible to different types of attacks that exploit security vulnerabilities. Exploiting these vulnerabilities may cause damage to the web applications as well as to their end-users. Thus, web application developers should identify vulnerabilities and fix them before an attacker exploits them. Black-box fuzzing techniques for vulnerability identification are very popular during the web application development life cycle. These techniques aim to find vulnerabilities in web applications by constructing attacks without accessing the source code. This survey explores the research that has been done on black-box vulnerability finding and exploit construction in web applications and proposes future directions.

Highlights

  • Web applications are significant components in various fields: commercial, banking, entertainment, education, healthcare, and social networking

  • The security of web applications is of paramount concern

  • White-box testing is based on examining the source code and the behavior of a web application to find security vulnerabilities


Summary

INTRODUCTION

Web applications are significant components in various fields: commercial, banking, entertainment, education, healthcare, and social networking. White-box testing is based on examining the source code and the behavior of a web application to find security vulnerabilities. Several studies have used this technique to identify critical vulnerabilities in web applications, such as [3], [4], [5], [6], [7], [8], and [9]. Compared with white-box testing, the major benefit of black-box fuzzing is that it is fast and efficient, and it can find security bugs in any web application, regardless of its implementation details. This technique applies to a wide range of web applications. As a result of the pressing need to protect web applications without accessing the source code, a significant research effort has been geared towards developing techniques for detecting vulnerabilities in web applications using the black-box fuzzing approach.

Web Application Architecture and Characteristics
Web Applications’ Vulnerabilities
Typical Scenario
Automated Tools
Findings
BLACK-BOX FUZZING RESEARCH APPROACHES
CONCLUSION