Title
gFuzz: An Instrumented Web Application Fuzzing Environment
Authors
Ezequiel Gutesman
In
Hack.Lu '08. October 22-24, 2008. Luxembourg.
Date published
2008-10
Keywords
web application fuzzing, fine-grained instrumentation

Abstract

Web application fuzzers have traditionally been used by security experts as a first step in a security assessment. They typically produce false positive alerts, so every vulnerability report must be studied by hand. We introduce a new fuzzing solution for PHP web applications that improves detection accuracy and enriches the information provided in vulnerability reports. We combine dynamic character-grained taint analysis with grammar-based analysis to examine the anatomy of each executed SQL query and determine which fuzz requests resulted in successful attacks. Each vulnerability report is then accompanied by the offending lines of source code and the fuzz vector, with the attacker-controlled characters individually marked. As a result, use of the tool is no longer restricted to security experts; it becomes usable by developers as well. The prototype is available as open source software.
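The abstract's detection criterion (track taint per character, then check where the tainted characters land in the query's grammar) can be sketched in a few dozen lines. The following is an added illustration written for this page, not gFuzz's own PHP instrumentation: it models a query as a list of characters each carrying a taint bit, tokenizes a small SQL subset with a toy regex lexer, and reports an attack only when attacker-controlled characters fall outside the interior of a string literal or a numeric literal, i.e. when they altered the query's structure. All names (`TChar`, `build_query`, `analyze`, `mark`, `escape_quotes`) and the sample queries are constructed here and are not from the paper.

```python
"""Character-grained taint + grammar check for SQL queries (illustrative sketch)."""
import re
from dataclasses import dataclass


@dataclass
class TChar:
    """One query character with its taint bit (True = attacker-controlled)."""
    ch: str
    tainted: bool


def literal(s):
    """Characters that come from the application's own source (untainted)."""
    return [TChar(c, False) for c in s]


def user(s):
    """Characters that come from the HTTP request / fuzz vector (tainted)."""
    return [TChar(c, True) for c in s]


def escape_quotes(s):
    """Minimal quote escaping, used only to show a correctly escaped input."""
    return s.replace("'", "''")


def build_query(*parts):
    """Concatenate tainted and untainted pieces, preserving per-character taint."""
    q = []
    for p in parts:
        q.extend(p)
    return q


# Toy lexer for a SQL subset; order matters (comments before operators,
# strings before the catch-all). Assumed grammar, not a full SQL lexer.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<op>[=<>!]=|<>|[-+*/%=<>(),;.])
  | (?P<other>.)
""", re.VERBOSE | re.DOTALL)


def tokenize(text):
    """Return (kind, start, end) for every token; 'other' catches stray chars."""
    tokens, pos = [], 0
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        tokens.append((m.lastgroup, m.start(), m.end()))
        pos = m.end()
    return tokens


def mark(query):
    """Render the query with tainted runs wrapped in [ ] for the report."""
    out, inside = [], False
    for c in query:
        if c.tainted != inside:
            out.append("[" if c.tainted else "]")
            inside = c.tainted
        out.append(c.ch)
    if inside:
        out.append("]")
    return "".join(out)


def analyze(query):
    """Flag the query as attacked if tainted chars changed its token structure.

    Tainted characters are harmless only inside the body of a string literal
    (between, not including, its quotes), inside a numeric literal, or as
    whitespace. Anywhere else (keywords, identifiers, operators, quotes,
    comments) they are part of the grammar and the injection succeeded.
    """
    text = "".join(c.ch for c in query)
    taint = [c.tainted for c in query]
    offending = []
    for kind, start, end in tokenize(text):
        if kind == "string":
            allowed = range(start + 1, end - 1)  # interior only, quotes excluded
        elif kind in ("number", "ws"):
            allowed = range(start, end)
        else:
            allowed = range(0)
        if any(taint[i] and i not in allowed for i in range(start, end)):
            offending.append((kind, text[start:end]))
    return {
        "query": text,
        "marked": mark(query),
        "injected": bool(offending),
        "offending": offending,
    }


if __name__ == "__main__":
    for fuzz in ("alice", escape_quotes("O'Brien"), "O'Brien", "admin' -- "):
        q = build_query(literal("SELECT * FROM users WHERE name = '"), user(fuzz), literal("'"))
        print(analyze(q))
```

The interesting case is the apostrophe: `O'Brien` passed through `escape_quotes` stays entirely inside one string token and is reported as benign, while the raw form closes the literal early and the tainted closing quote plus the trailing identifier show up in `offending`, which is exactly the kind of evidence the abstract says a developer needs alongside the source line.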

Attachments

gfuzz-Hack.Lu-2008.pdf - Hack.Lu 2008 presentation