Techniques for Finding Vulnerabilities in Web Applications


  • Mihai Sandulescu The Bucharest University of Economic Studies


vulnerabilities, fuzzing, black-box, white-box, web application, owasp, burp suite


The current trend is to move everything on the Internet. Because a lot of companies store sensitive user information, security has become mandatory. Usually, software developers don’t follow some basic practices in order to secure their applications. This paper will present in the second chapter, the white-box, black-box and gray-box methods which can be used in order to test applications for possible vulnerabilities. It focuses on fuzz testing, which is a black-box testing method, presented in the third chapter. The fourth chapter presents the stages of a fuzzing test and in the final chapter, we show a basic practical example on how to use the Burp Suite[8] fuzzer to find a vulnerability.

Author Biography

Mihai Sandulescu, The Bucharest University of Economic Studies

IT&C Security Master Program

Department of Economic Informatics and Cybernetics


Michael Sutton, Adam Greene, Pedram Amini, Fuzzing – Brute force vulnerability discovery, Addison Wesley, 2007;

Paco Hope, Ben Walther, Web security testing cookbook – Systematic techniques to find problems fast, O’Reilly, 2008;

White-box testing, Wikipedia,;

Black-box testing, Wikipedia,;

Black Box and White Box Testing for Application Blocks, Microsoft Patterns and Practices, January 2005,;

Fuzzing, OWASP,;

Bart Miller, Project List, University of Wisconsin Madison, 1988;

Burp Suite,




How to Cite

Sandulescu, M. (2014). Techniques for Finding Vulnerabilities in Web Applications. Journal of Mobile, Embedded and Distributed Systems, 6(1), 44-51. Retrieved from