Effective and scalable black-box fuzzing approach for modern web applications

Abstract

Web applications’ security is critical because we share sensitive data through them frequently, which attracts attackers who exploit their vulnerabilities. Detecting and exploiting such vulnerabilities automatically is challenging because of the applications’ increasing complexity and strong dependence upon dynamic features such as JavaScript. In this paper, we propose an approach that addresses the difficulties presented in web applications by using dynamic analysis techniques in a black-box fashion to explore applications’ space. It also performs a client-side validation analysis to increase the coverage and therefore, identify more vulnerabilities. We implemented our approach with a tool and evaluated its effectiveness using real-world web applications. Our system discovered 207 unique URLs, submitted 102 web forms successfully, and exploited 32 vulnerabilities automatically. A detailed comparison of state-of-the-art black-box fuzzing approaches showed that our system exceeds them in coverage, the number of vulnerabilities detected, and performance.