gFuzz: An Instrumented Web Application Fuzzing Environment

Web application fuzzers have traditionally been used by security experts as a first step in a security assessment. They typically produce false positive alerts, so every vulnerability report must be studied carefully. We introduce a new fuzzing solution for PHP web applications that improves detection accuracy and enriches the information provided in vulnerability reports. We use dynamic character-grained taint analysis together with grammar-based analysis to examine the anatomy of each executed SQL query and determine which ones resulted in successful attacks. Each vulnerability report is then accompanied by the offending lines of source code and the fuzz vector, with the attacker-controlled characters individually marked. As a result, the tool is no longer restricted to security experts but becomes usable by developers as well. The prototype is available as open source software.
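A simplified model of the detection step the abstract describes, added here as an illustration and not code from the gFuzz prototype: one taint bit is kept per character of the assembled query, the query is tokenized with a small SQL grammar, and a fuzz vector counts as successful only if tainted characters ended up forming query structure rather than literal data. The token grammar, the helper names and the sample queries are assumptions for this example.

```python
import re
from typing import List, Tuple

# Minimal SQL token grammar, constructed for this example (not gFuzz's own parser).
TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')                 # quoted literal; '' escapes a quote
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)           # keyword or identifier
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<op>\|\||<=|>=|<>|!=|[=<>(),;*.+\-/])
  | (?P<ws>\s+)
  | (?P<bad>.)                                 # anything the grammar does not accept
""", re.VERBOSE | re.DOTALL)

def build_query(parts: List[Tuple[str, bool]]) -> Tuple[str, List[bool]]:
    """Concatenate (fragment, is_tainted) pairs the way an application assembles a
    query, keeping one taint bit per character (character-grained taint tracking)."""
    query = "".join(text for text, _ in parts)
    taint = [t for text, t in parts for _ in text]
    return query, taint

def find_injected_tokens(query: str, taint: List[bool]) -> List[Tuple[str, str]]:
    """Return (kind, text) for every token whose structure was written by tainted
    characters. Untrusted data may only fill the content of a string literal or form a
    whole numeric literal; anywhere else it changed the query's grammar, which is how
    a fuzz vector that actually succeeded is told apart from one that was neutralised."""
    findings = []
    for m in TOKEN_RE.finditer(query):
        kind, text = m.lastgroup, m.group()
        tainted = taint[m.start():m.end()]
        if kind == "ws" or not any(tainted):
            continue
        if kind == "number":
            continue  # a fully tainted number is still just data
        if kind == "string" and not tainted[0] and not tainted[-1]:
            continue  # delimiters came from the template, only the content is tainted
        findings.append((kind, text))
    return findings

def highlight(query: str, taint: List[bool]) -> str:
    """Render the query for a report, wrapping attacker-controlled runs in [..]."""
    out, inside = [], False
    for ch, t in zip(query, taint):
        if t != inside:
            out.append("[" if t else "]")
            inside = t
        out.append(ch)
    return "".join(out) + ("]" if inside else "")
```

The findings list is what a report would attach next to the offending source line, and `highlight` produces the marked-up fuzz vector.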

Related information

Projects

gFuzz

Tools

Core Grasp | gFuzz

Wednesday, October 22, 2008