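Abstract
Web software security vulnerabilities keep emerging and attack techniques keep changing. To analyze existing Web control vulnerability detection methods, an improved Web control vulnerability detection model based on Fuzzing testing is proposed. The system is designed and implemented as five functional modules. It combines static analysis and dynamic analysis techniques to detect vulnerabilities in Web ActiveX controls, and gives "heuristic rules" to optimize the test data generation engine. Test results on real examples show that the Fuzzing test model for Web control vulnerabilities is effective and feasible, and that it handles the interaction problem properly.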
The number of security vulnerabilities in ActiveX controls has increased a lot in recent years. Once illegally used, these vulnerabilities could lead to serious consequences. In order to improve the existing vulnerability detection methods, we present a new Fuzzing-based Web control vulnerability detection model. The system is divided into five modules for design and implementation. We combine static analysis and dynamic analysis techniques to detect Web ActiveX control vulnerabilities, and give "heuristic rules" to optimize the test data generation engine. Example test results show that our Fuzzing-based Web control vulnerability testing model is effective and feasible, and can properly deal with the interaction problem.
Source
《微型机与应用》
2012, Issue 4, pp. 85-88 (4 pages)
Microcomputer & Its Applications
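Funding
National Natural Science Foundation of China (61070164)
Guangdong Province-Ministry Industry-University-Research Cooperation Fund Project (2008B090500201)
Department of Education of Guangdong Province, Major Project for the Transformation of Scientific and Technological Achievements of Guangdong Universities (cgzhzd0807)
Guangdong Provincial Science and Technology Plan Project (2009B010800023)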