
Web Application Security Testing Technique Based On Fuzzing And Implementation Of The Tool

Posted on: 2012-06-13
Degree: Master
Type: Thesis
Country: China
Candidate: J Dou
Full Text: PDF
GTID: 2178330335464709
Subject: Computer application technology
Abstract/Summary:
With the rapid development and wide adoption of the Internet, web application security has become an unavoidable problem. Security testing that finds web application vulnerabilities effectively and promptly is essential to maintaining that security. Fuzz testing, or fuzzing, is an automated software testing technique based on defect injection, and it is developing into an effective method for software security testing. Domestically, research on fuzzing is still at an initial stage. This thesis therefore follows the technology and combines it with the theory of web application security vulnerabilities to research and implement a fuzzing-based web application security testing tool.

The research investigates fuzzing theory, including its underlying idea, its process, and its methods of data generation. Following an HTTP-based approach to web application security testing and taking the characteristics of web applications into account, it discusses how web applications are accessed, their communication protocol, HTTP requests and responses, and the principles behind web application vulnerabilities. It then focuses on fuzz data generation methods for web applications: for the vulnerabilities that commonly appear in web applications, it designs different fuzz data and detailed fuzzing schemes that imitate attackers, and builds the corresponding data files. Based on this design, a web application fuzzing tool with a graphical user interface, WFT, is developed in C#. With it, users can generate fuzzing input for a web application themselves, select the types of fuzzing, run the tests, and capture the results. Development of the WFT code is now almost complete.

Two case studies apply WFT to fuzz a remote web application and a web application built on a VMware virtual machine, respectively. Analysis of the test results indicates the efficiency of fuzzing-based web application security testing.
Keywords/Search Tags: Fuzzing, Security Testing, Test Tool Development, Automated Testing