
Research And Implementation Of Web Vulnerability Detecting Based On Fuzzing Test

Posted on: 2021-02-01
Degree: Master
Type: Thesis
Country: China
Candidate: X S Zhou
Full Text: PDF
GTID: 2518306308970369
Subject: Cyberspace security

Abstract/Summary:
With the development of the Internet, the number of web applications has grown explosively. Behind this rapid development, web applications contain a large number of vulnerabilities. How to find these web vulnerabilities quickly and effectively, and help developers repair them in a timely manner, is a web security problem that needs to be solved today. Traditional web vulnerability fuzzing methods suffer from problems such as limited test cases, lack of diversity, and blindness. Therefore, dynamically and purposefully generating test cases, making test cases more aggressive, and improving the efficiency of web vulnerability fuzz testing have very important theoretical and practical value.

This paper analyzes and studies current fuzzing technology in the field of web vulnerability mining, and then proposes a web vulnerability fuzzing method based on an improved genetic algorithm. The method uses a test case semantic analysis method based on functional unit division to preprocess web vulnerability test cases, helping the genetic algorithm understand the grammatical structure of the test cases. The method also improves the genetic algorithm to make it suitable for generating web vulnerability fuzzing test cases. The paper proposes an algorithm for generating web vulnerability fuzzing test cases based on the improved genetic algorithm, which dynamically generates more diverse and more aggressive test cases for web vulnerability fuzzing. In addition, a web vulnerability mining system based on fuzzing is designed and implemented, and the implementation of each module is explained in detail. Finally, experiments are designed to verify the effectiveness and practicability of the proposed method and system.

The main contents of the thesis are:

1. A test case semantic analysis method based on functional unit division is proposed. By analyzing the syntax structure of web vulnerability test cases, each grammatical component is defined as a functional unit, and each test case is divided according to the preset functional units. The genetic algorithm then uses the functional unit as its basic operation unit, which ensures that genetic operations do not destroy the attack syntax structure of web vulnerability test cases and solves the problem that the traditional genetic algorithm coding method destroys the test case syntax structure.

2. An algorithm for generating web vulnerability fuzzing test cases based on an improved genetic algorithm is proposed. To introduce the genetic algorithm into web vulnerability fuzzing, the semantic analysis method is used to preprocess the test cases. The fitness function and the selection, crossover and mutation operations are then designed and improved. Finally, an improved mutation method is proposed in which poor individuals imitate the mutation strategy of excellent individuals, improving the bypassing ability of the poor individuals, the efficiency of the genetic algorithm, and the aggressiveness of the test cases.

3. A web vulnerability mining system based on fuzzing is designed and developed. The system can use the improved genetic algorithm to generate web vulnerability fuzzing test cases and perform vulnerability mining on web applications.

The experimental results show that the web vulnerability fuzzing method based on the improved genetic algorithm can effectively improve the aggressiveness of test cases and the efficiency of the genetic algorithm. The system can effectively mine SQL injection vulnerabilities and XSS (cross-site scripting) vulnerabilities in actual web applications. It also has the ability to perform fuzzing automatically. Experiments have proved its feasibility and effectiveness.
Keywords/Search Tags: web security, fuzzing test, genetic algorithm, vulnerability mining, grammatical analysis, mutation strategy