
Research On White-Box Web Fuzzing Test Based On Code Property Graph

Posted on: 2021-08-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Zhang
Full Text: PDF
GTID: 2518306290494694
Subject: Cyberspace security
Abstract/Summary:
Web security vulnerabilities are one of the most important reasons the security of web applications is jeopardized, so detecting web application vulnerabilities is particularly important. Existing research directions in web security testing are mainly divided into two parts: fuzzing and white-box code auditing. However, the existing web fuzzing methods, which are based on black-box or gray-box testing, are mainly used after the web application is released, and their testing effectiveness is limited. White-box code auditing, which draws on a large amount of information about the source code, achieves good results, but its core technique, symbolic execution, requires a large amount of computation space and time. In view of the above problems, this paper proposes the view that the effectiveness and the time cost of web security testing need to be balanced. Therefore, this paper attempts to design a web white-box fuzzing tool based on a code structure description model. First, in view of the problems of the existing code structure description models for web applications, this paper proposes a new code structure description model named the code property graph. Then, this paper proposes a web white-box fuzzing method based on the code property graph, which abstracts the execution information of the web application into path information in the code property graph in order to guide the fuzzing process and make its mutation and screening more targeted. The main research contents and innovations of this paper are the following three aspects.

1) Research on the web code structure description model. The web code structure description model is a part of white-box testing, used to abstract the structural and semantic information of the code. Due to the complexity of web applications, traditional code structure description models do not provide a good abstraction of the overall structure of a web application. Therefore, this paper first analyzes the complexity of web applications and points out that the main reason for it is that the call relationships of web applications are invisible. Then, this paper proposes a brand-new code structure description method named the code property graph, based on the call relationship, which converts the call relationships into edges in the graph, so that it can describe the call relationships that exist in complex web scenarios and construct the structural relationships of the entire web application.

2) Research on a web white-box fuzzing method based on the code property graph. General black-box or gray-box web fuzzing methods adopt blind mutation without guidance information, which cannot pass through many control-flow branches, so the depth of fuzzing stays at a shallow level. However, after combining fuzzing with white-box information, the white-box code structure description model can provide rich semantic and structural relationships to the fuzzing model, making fuzzing go deeper. Therefore, based on the code property graph with its rich call relationships, this paper proposes a web white-box fuzzing method that combines white-box code analysis with black-box fuzzing. First, web runtime information is perceived and monitored. Secondly, the runtime information is abstracted into path information in the code property graph and fed into the black-box fuzzer, and a path-sensitive seed scheduling strategy is used to guide the screening of fuzzing seeds, which reduces the blindness of web fuzzing and accelerates the fuzzing process.

3) A directional gain calculation method based on path sensitivity. Traditional seed evolution strategies in fuzzing are mainly based on function distance and unexplored branches. These strategies mainly emphasize the ability to explore unknown child nodes and are applicable to the field of software security. In web security testing there are fewer overflows and crashes but more differences in control-flow branch routes, so the traditional seed evolution methods are not applicable. Based on the characteristics of control-flow branching in web applications, this paper designs a path-sensitive seed evolution strategy for web fuzzing. First, this paper defines how to calculate the distance between the paths before and after mutation; secondly, it defines how to calculate the path gain based on the distance between paths; and finally it schedules the fuzzing seeds by calculating the path gain between seeds, making the direction of fuzzing more suitable for web applications.
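As an added illustration (not code from the thesis), the following Python sketch shows how the path-sensitive seed scheduling of item 3) could be realised on top of the call-edge graph of item 1): a toy code property graph of call edges, Levenshtein distance between the runtime paths before and after mutation (an assumed metric), path gain as the distance to the closest already-kept path (an assumed rule), and ranking of mutant seeds by that gain. All node names and traces are constructed.

```python
from typing import Dict, List, Sequence, Tuple

# Constructed toy code property graph: each function maps to the functions it calls
# (the thesis turns call relationships into graph edges; these node names are made up).
CALL_GRAPH: Dict[str, List[str]] = {
    "index": ["parse_params", "auth_check"],
    "parse_params": [],
    "auth_check": ["load_user", "deny"],
    "load_user": ["db_query", "render"],
    "deny": ["render"],
    "db_query": [],
    "render": [],
}

def is_valid_path(path: Sequence[str], graph: Dict[str, List[str]] = CALL_GRAPH) -> bool:
    """A runtime trace is consistent with the graph only if every step follows a call edge."""
    return all(b in graph.get(a, []) for a, b in zip(path, path[1:]))

def path_distance(p: Sequence[str], q: Sequence[str]) -> int:
    """Distance between two execution paths: Levenshtein edit distance over node
    sequences (assumed metric; the abstract does not fix the distance definition)."""
    prev = list(range(len(q) + 1))
    for i, a in enumerate(p, 1):
        cur = [i]
        for j, b in enumerate(q, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (a != b)))
        prev = cur
    return prev[-1]

def path_gain(candidate: Sequence[str], corpus: List[Sequence[str]]) -> int:
    """Path gain of a mutated seed: distance to the closest path already kept, so a
    mutant that only replays a known control-flow route scores zero (assumed rule)."""
    if not corpus:
        return len(candidate)
    return min(path_distance(candidate, kept) for kept in corpus)

def schedule_seeds(seeds: Dict[str, Sequence[str]], corpus: List[Sequence[str]],
                   keep: int) -> List[Tuple[str, int]]:
    """Rank mutated seeds by path gain, highest first, and keep the top `keep` of them."""
    ranked = sorted(((name, path_gain(path, corpus)) for name, path in seeds.items()),
                    key=lambda item: (-item[1], item[0]))
    return ranked[:keep]

# Constructed runtime traces: the parent seed's path and three mutants' observed paths.
PARENT = ["index", "auth_check", "deny", "render"]
MUTANTS: Dict[str, Sequence[str]] = {
    "m1": ["index", "auth_check", "deny", "render"],         # same route as parent
    "m2": ["index", "auth_check", "load_user", "render"],    # one new branch taken
    "m3": ["index", "auth_check", "load_user", "db_query"],  # new branch, goes deeper
}
```

Calling `schedule_seeds(MUTANTS, [PARENT], keep=2)` keeps m3 and m2 and drops m1, whose path adds nothing the corpus has not already exercised.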
Keywords/Search Tags:Web Vulnerability Scanner, Code Structure description model, White-box Test, Fuzzing Test