期刊名称:International Journal of Advanced Computer Science and Applications(IJACSA)
印刷版ISSN:2158-107X
电子版ISSN:2156-5570
出版年度:2021
卷号:12
期号:5
页码:849
DOI:10.14569/IJACSA.2021.0120599
出版社:Science and Information Society (SAI)
摘要:Web applications are increasingly important tools in our modern daily lives, such as in education, business transac-tions, and social media. Because of their prevalence, they are becoming more susceptible to different types of attacks that exploit security vulnerabilities. Exploiting these vulnerabilities may cause damage to the web applications as well as the end-users. Thus, web apps’ developers should identify vulnerabilities and fix them before an attacker exploits them. Using black-box fuzzing techniques for vulnerability identification is very popular during the web apps’ development life cycle. These techniques pledge to find vulnerabilities in web applications by constructing attacks without accessing their source codes. This survey explores the research that has been done in the black-box vulnerability finding and exploits construction in web applications and proposes future directions.
关键词:Black-box fuzzing; web application security; vulner-ability scanning; automatic web app testing; vulnerability detection; survey
