Document Type: Thesis
Document Title: An Enhanced Black-Box Fuzzing Approach for Modern Web Applications (Arabic title: تحسين نهج ضبابية الصندوق الأسود لتطبيقات الويب الحديثة)
Subject: Faculty of Computing and Information Technology
Document Language: Arabic
Abstract:
Web applications are essential in our daily lives, as they are embedded in many digital interactions such as education, health care, and financial services. The security of these applications is critical because we frequently share private and sensitive data through them, which attracts malicious actors seeking to exploit vulnerabilities in web applications. However, proactively and automatically detecting these vulnerabilities is challenging because of the increasing complexity of modern web applications and their heavy dependence on dynamic features, often programmed in JavaScript. While this dynamism and complexity enable increasingly useful applications, they also make security analysis of web applications harder. In this thesis, we propose an approach that addresses the difficulties presented by modern web applications by using a dynamic analysis technique in a black-box fashion to explore the applications' space. In addition, our approach performs client-side validation analyses, resulting in enhanced coverage that detects a broader range of vulnerability types. We evaluated the implementation of our method on real-world modern web applications. The system discovered 207 unique URLs, successfully submitted 102 web forms, and safely exploited 32 security vulnerabilities automatically. A detailed comparison with state-of-the-art black-box fuzzing approaches suggests that our system outperforms them in coverage, number of detected vulnerabilities, and performance.
Supervisor: Prof. Omaimah Omar Bamasag
Thesis Type: Master Thesis
Publishing Year: 1444 AH / 2022 AD
Co-Supervisor: Dr. Abeer Adil Alhuthali
Added Date: Tuesday, February 21, 2023

Researchers: Alsaedi, Aseel Saeed (اسيل سعيد الصاعدي), Researcher, Master