Thesis Defense: Scott Seal

Friday, April 29, 2016 at 2:00pm in Manchester 017

Optimizing Web Application Fuzzing With Genetic Algorithms And Language Theory


The widespread availability and use of computing and internet resources require software developers to follow secure development standards and to test rigorously in order to prevent vulnerabilities. Because humans are fallible, programming errors and logical inconsistencies abound, so disciplined software testing is required to preserve the Confidentiality, Integrity, and Availability of sensitive user data. A combination of manual inspection and automated program analysis is necessary to achieve this goal. Given the massive size of many codebases, especially once third-party software and infrastructure are included, thorough manual code review by security experts is not always an option. Effective automated methods for testing software systems are therefore essential.

Fuzz testing is a popular technique for automating the discovery of bugs and security errors in software systems ranging from UNIX utilities to web applications. Although mutation- and generation-based fuzzing have been in use for many years, fuzzers that intelligently manage test case generation are still an active research topic. In particular, testing web applications optimally when the target returns only limited feedback remains elusive. This research presents the use of Evolutionary Algorithms to generate test cases that expose vulnerabilities in web applications. The thesis grammatically analyzes positive examples of SQL injection attacks in order to build a set of attack grammars, which then guide both the fitness metrics and the generation of test cases. The efficacy of this algorithm is compared against other methods of solution generation, such as Markov Model Monte Carlo. Finally, two types of Evolutionary Algorithms (a Genetic Algorithm with heuristic-based repopulation criteria, and CHC) are implemented in the fuzzing framework and evaluated according to how effectively they narrow the search space.
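To make the grammar-guided fitness idea concrete, here is an added Python illustration; it is not code from the thesis. It hand-writes a tiny SQL-injection attack grammar (the thesis instead derives its grammars from analyzed positive examples), scores each candidate by how far a backtracking matcher can derive it from the grammar, and runs a plain elitist genetic algorithm over a token alphabet so that the population converges toward grammatical payloads. The grammar, the token alphabet, the scoring weights and the GA parameters are all assumptions chosen for the example; it implements neither the thesis's heuristic repopulation criteria nor CHC, and it has no feedback loop from a web application.

```python
"""Grammar-guided genetic algorithm for SQL-injection payloads (added example).

Everything here is illustrative: the grammar, alphabet and GA settings are
assumptions, not the thesis's own components.
"""
import random

# Toy attack grammar. Hand-written assumption; the thesis builds its grammars
# from grammatically analyzed positive SQL-injection examples.
GRAMMAR = {
    "<attack>": [["<quote>", " ", "<clause>", "<tail>"]],
    "<quote>": [["'"], ['"']],
    "<clause>": [["OR 1=1 "], ["OR 'a'='a' "], ["UNION SELECT ", "<cols>", " "]],
    "<cols>": [["NULL"], ["NULL,NULL"], ["NULL,NULL,NULL"]],
    "<tail>": [["--"], ["#"], ["/*"]],
}
# Token alphabet the GA mutates over: every grammar terminal plus some noise
# tokens (constructed), so a random individual is rarely grammatical.
TERMINALS = sorted({s for prods in GRAMMAR.values() for p in prods for s in p
                    if s not in GRAMMAR})
ALPHABET = TERMINALS + ["admin", "1", ")", "AND", ";"]
FULL_BONUS = 100.0  # reward for a candidate the grammar derives completely


def match(symbol, text, pos):
    """Backtracking matcher over the toy grammar.

    Returns (ends, farthest): `ends` is the set of positions where `symbol`
    fully matches text[pos:], and `farthest` is the furthest position any
    partial derivation reached, which is what gives near-grammatical
    candidates partial credit.
    """
    if symbol not in GRAMMAR:  # terminal
        if text.startswith(symbol, pos):
            return {pos + len(symbol)}, pos + len(symbol)
        return set(), pos
    ends, farthest = set(), pos
    for production in GRAMMAR[symbol]:
        positions = {pos}
        for sym in production:
            nxt = set()
            for p in positions:
                e, f = match(sym, text, p)
                nxt |= e
                farthest = max(farthest, f)
            positions = nxt
            if not positions:
                break
        ends |= positions
    return ends, farthest


def grammar_fitness(tokens):
    """Characters explained by the grammar, minus half a point per unexplained
    character, plus FULL_BONUS when <attack> derives the whole candidate."""
    text = "".join(tokens)
    if not text:
        return 0.0
    ends, farthest = match("<attack>", text, 0)
    score = farthest - 0.5 * (len(text) - farthest)
    if len(text) in ends:
        score += FULL_BONUS
    return score


def random_individual(rng, max_len=6):
    return [rng.choice(ALPHABET) for _ in range(rng.randint(1, max_len))]


def mutate(ind, rng):
    """Insert, delete or replace one token."""
    ind = list(ind) or [rng.choice(ALPHABET)]
    op = rng.random()
    if op < 0.4 and len(ind) < 8:
        ind.insert(rng.randint(0, len(ind)), rng.choice(ALPHABET))
    elif op < 0.7 and len(ind) > 1:
        del ind[rng.randrange(len(ind))]
    else:
        ind[rng.randrange(len(ind))] = rng.choice(ALPHABET)
    return ind


def crossover(a, b, rng):
    """One-point crossover with independent cut points; never returns empty."""
    child = a[: rng.randint(0, len(a))] + b[rng.randint(0, len(b)):]
    return child or [rng.choice(ALPHABET)]


def evolve(generations=60, pop_size=40, elite=4, seed=1):
    """Elitist GA with truncation selection. Returns (best_tokens, history),
    where history holds the best fitness seen at the start of each generation."""
    rng = random.Random(seed)
    pop = [random_individual(rng) for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        pop.sort(key=grammar_fitness, reverse=True)
        history.append(grammar_fitness(pop[0]))
        if history[-1] >= FULL_BONUS:  # stop once a grammatical payload exists
            break
        parents = pop[: pop_size // 2]
        children = [list(ind) for ind in pop[:elite]]  # elites survive unchanged
        while len(children) < pop_size:
            child = crossover(rng.choice(parents), rng.choice(parents), rng)
            if rng.random() < 0.5:
                child = mutate(child, rng)
            children.append(child)
        pop = children
    pop.sort(key=grammar_fitness, reverse=True)
    return pop[0], history


if __name__ == "__main__":
    best, hist = evolve()
    print(f"best after {len(hist)} generations: {''.join(best)!r} "
          f"fitness={grammar_fitness(best)}")
```

Because the elites are copied unchanged into every new generation, the best fitness in `history` never decreases; the shape of that curve, and the number of generations needed before a fully derivable payload appears, is the kind of "search space narrowing" measurement the abstract refers to. A baseline of the same number of uniformly random individuals scored with the same fitness function is the natural comparison point.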