- gFuzz: An Instrumented Web Application Fuzzing Environment
- Ezequiel Gutesman
- Hack.Lu '08. October 22-24, 2008. Luxembourg.
- Date published
- web application fuzzing, fine-grained instrumentation
Web application fuzzers have traditionally been used by security experts as a first step in a security assessment. They typically produce false positive alerts and all the vulnerability reports must be carefully studied. We introduce a new fuzzing solution for PHP web applications that improves the detection accuracy and enriches the information provided in vulnerability reports. We use dynamic character-grained taint analysis and grammar-based analysis in order to analyze the anatomy of each executed SQL query and determine which resulted in successful attacks. A vulnerability report is then accompanied by the offending lines of source code and the fuzz vector (with attacker-controlled characters individualized). As a result, the usage of the tool is not restricted to security experts, but the tool becomes usable for developers. The prototype is available as open source software.