Techniques for Finding Vulnerabilities in Web Applications

Mihai Sandulescu

Abstract


The current trend is to move everything onto the Internet. Because many companies store sensitive user information, security has become mandatory, yet software developers often fail to follow basic practices for securing their applications. The second chapter of this paper presents the white-box, black-box and gray-box methods that can be used to test applications for possible vulnerabilities. The paper focuses on fuzz testing, a black-box testing method, which is presented in the third chapter. The fourth chapter presents the stages of a fuzzing test, and in the final chapter we show a basic practical example of how to use the Burp Suite [8] fuzzer to find a vulnerability.


Keywords


vulnerabilities, fuzzing, black-box, white-box, web application, OWASP, Burp Suite


References


[1] Michael Sutton, Adam Greene, Pedram Amini, Fuzzing: Brute Force Vulnerability Discovery, Addison-Wesley, 2007.

[2] Paco Hope, Ben Walther, Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast, O'Reilly, 2008.

[3] White-box testing, Wikipedia, http://en.wikipedia.org/wiki/White-box_testing

[4] Black-box testing, Wikipedia, http://en.wikipedia.org/wiki/Black-box_testing

[5] Black Box and White Box Testing for Application Blocks, Microsoft Patterns and Practices, January 2005, http://msdn.microsoft.com/en-us/library/ff649503.aspx

[6] Fuzzing, OWASP, https://owasp.org/index.php/Fuzzing

[7] Bart Miller, Project List, University of Wisconsin-Madison, 1988.

[8] Burp Suite, PortSwigger, http://portswigger.net/burp/




Journal of Mobile, Embedded and Distributed Systems (JMEDS), ISSN: 2067-4074 (online)