Deanship of Graduate Studies | Researches | An Enhanced Black-Box Fuzzing Approach for Modern Web Applications

Main Page
Deanship
- The Dean
  - Dean's Word
  - Curriculum Vitae
  - Contact the Dean
- Vision and Mission
- Organizational Structure
- Vice- Deanship
- Vice- Dean
- KAU Graduate Studies
Research Services & Courses
- Research Services Unit
- Important Research for Society
- Deanship's Services
  - FAQs
  - Research
  - Staff Directory
  - Files
  - Favorite Websites
  - Deanship Access Map
Graduate Studies Awards
Deanship's Staff
- Staff Directory
Files
Researches
Contact us

- عربي
- English

Deanship of Graduate Studies

Document Details

Document Type	:	Thesis
Document Title	:	An Enhanced Black-Box Fuzzing Approach for Modern Web Applications تحسين نهج ضبابية الصندوق الأسود لتطبيقات الويب الحديثة
Subject	:	Faculty of Computing and Information Technology
Document Language	:	Arabic
Abstract	:	Web applications are essential in our daily lives as they are embedded in many digital interactions, such as education, health care, and financial services. The security of these applications is critical because we frequently share private and sensitive data through the application, which attracts malicious actors to target web applications for exploiting vulnerabilities. However, proactively detecting these vulnerabilities automatically is challenging because of the increasing complexity and heavy dependency on dynamic features, often programmed in JavaScript. While this dynamism and complexity enable increasingly beneficial applications, they also make security analyses of the web applications harder. In this thesis, we propose an approach that addresses the difficulties presented in modern web applications by utilizing a dynamic analysis technique in a black-box fashion to explore the applications' space. In addition, our approach performs client-side validation analyses resulting in enhanced coverage that detects a broader range of vulnerability types. We evaluated the implementation of our method using real-world modern web applications. The system discovered 207 unique URLs, successfully submitted 102 web forms, and safely exploited 32 security vulnerabilities automatically. A detailed comparison with state-of-art black-box fuzzing approaches suggests that our system outperforms others in the coverage, number of detected vulnerabilities, and performance.
Supervisor	:	Prof. Omaimah Omar Bamasag
Thesis Type	:	Master Thesis
Publishing Year	:	1444 AH 2022 AD
Co-Supervisor	:	Dr. Abeer Adil Alhuthali
Added Date	:	Tuesday, February 21, 2023

Researchers

Researcher Name (Arabic)	Researcher Name (English)	Researcher Type	Dr Grade	Email
اسيل سعيد الصاعدي	Alsaedi, Aseel Saeed	Researcher	Master

Files

File Name	Type	Description
48997.pdf	pdf

Back To Researches Page