Core Security
Hack.lu 2008

Title: "Gfuzz an instrumented Web application fuzzing environment"

Presenter: E. Gutesman

Date: Oct. 22-24, 2008

Abstract:
Web application fuzzers have traditionally been used by security experts as a first step in a security assessment. They typically produce false positive alerts and all the vulnerability reports must be carefully studied. We introduce a new fuzzing solution for PHP Web applications that improves the detection accuracy and enriches the information provided in vulnerability reports. We use dynamic character-grained taint analysis and grammar-based analysis to analyze the anatomy of each executed SQL query and determine which have resulted in successful attacks. A vulnerability report is then accompanied by the offending lines of source code and the fuzz vector (with attacker-controlled characters individualized). As a result, the usage of the tool is not restricted to security experts, but the tool becomes usable for developers. The prototype is available as open source software.
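The idea in the abstract, per-character taint combined with a token-level look at the final SQL query, can be sketched as follows. This is an added illustration in Python, not Gfuzz's code (Gfuzz instruments PHP); `TStr`, `analyze`, `mark`, `build`, the simplified lexer and the sample query are all assumptions made for the example.

```python
import re

class TStr:
    """String with one taint flag per character (True = attacker-controlled)."""
    def __init__(self, text, tainted=False, flags=None):
        self.text = text
        self.flags = list(flags) if flags is not None else [tainted] * len(text)
    def __add__(self, other):
        other = other if isinstance(other, TStr) else TStr(other)
        return TStr(self.text + other.text, flags=self.flags + other.flags)
    def __radd__(self, other):
        return TStr(other) + self

# Simplified SQL lexer (assumption: a real grammar is dialect-specific).
TOKEN_RE = re.compile(r"""
    (?P<STRING>'(?:[^'\\]|\\.|'')*')
  | (?P<NUMBER>\d+(?:\.\d+)?)
  | (?P<COMMENT>--[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<WORD>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<SPACE>\s+)
  | (?P<OTHER>.)
""", re.X | re.S)

def analyze(query):
    """Return (verdict, findings); findings are tokens shaped by tainted input."""
    findings = []
    for m in TOKEN_RE.finditer(query.text):
        kind, flags = m.lastgroup, query.flags[m.start():m.end()]
        if not any(flags):
            continue
        # Tainted characters are acceptable only as the body of a literal.
        in_literal = kind == "NUMBER" or (kind == "STRING" and not (flags[0] or flags[-1]))
        if not in_literal:
            findings.append((kind, m.group()))
    return ("injection" if findings else "benign"), findings

def mark(query):
    """Render the query with each attacker-controlled run wrapped in [[ ]]."""
    out, prev = [], False
    for ch, tainted in zip(query.text, query.flags):
        if tainted != prev:
            out.append("[[" if tainted else "]]")
        out.append(ch)
        prev = tainted
    return "".join(out) + ("]]" if prev else "")

def build(user_value):
    # Constructed stand-in for application code that concatenates input into SQL.
    return "SELECT id FROM users WHERE name = '" + TStr(user_value, tainted=True) + "'"
```

A fuzz vector is reported only when its characters end up forming SQL syntax (keywords, operators, quote delimiters, comments) rather than staying inside a literal, which is what removes the false positives a response-based fuzzer would raise.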
