Document Details

Document Type : Thesis 
Document Title : An Enhanced Black-Box Fuzzing Approach for Modern Web Applications
Subject : Faculty of Computing and Information Technology 
Document Language : Arabic 
Abstract : Web applications are essential in our daily lives as they are embedded in many digital interactions, such as education, health care, and financial services. The security of these applications is critical because we frequently share private and sensitive data through them, which attracts malicious actors who target web applications to exploit their vulnerabilities. However, proactively detecting these vulnerabilities automatically is challenging because of the applications' increasing complexity and heavy dependency on dynamic features, often programmed in JavaScript. While this dynamism and complexity enable increasingly beneficial applications, they also make security analyses of web applications harder. In this thesis, we propose an approach that addresses the difficulties presented by modern web applications by utilizing a dynamic analysis technique in a black-box fashion to explore the applications' space. In addition, our approach performs client-side validation analyses, resulting in enhanced coverage that detects a broader range of vulnerability types. We evaluated the implementation of our method using real-world modern web applications. The system discovered 207 unique URLs, successfully submitted 102 web forms, and safely exploited 32 security vulnerabilities automatically. A detailed comparison with state-of-the-art black-box fuzzing approaches suggests that our system outperforms others in coverage, number of detected vulnerabilities, and performance.
Supervisor : Prof. Omaimah Omar Bamasag 
Thesis Type : Master Thesis 
Publishing Year : 1444 AH / 2022 AD
Co-Supervisor : Dr. Abeer Adil Alhuthali 
Added Date : Tuesday, February 21, 2023 

Researchers

Researcher Name (Arabic) : اسيل سعيد الصاعدي
Researcher Name (English) : Alsaedi, Aseel Saeed
Researcher Type : Researcher
Dr Grade : Master

Files

File Name : 48997.pdf
Type : pdf
