Domän-Webb-Applikations-Fuzzer (DWAF).
KTH, School of Computer Science and Communication (CSC).
2011 (Swedish). Independent thesis, Advanced level (professional degree), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Fuzzing, or fuzz testing, is an automated testing technique for computer programs. For various reasons it has become increasingly common to use this technology. This report will first describe why there is a need for a fuzzer that can test several applications in a domain. Then, it explains the important elements of a fuzzer and how to implement them. Finally, we will test our own implementation of a fuzzer, DWAF, on a number of web applications, which clearly shows that it is able to find many SQL injection and XSS bugs.

Abstract [sv]

Fuzzing, or fuzz testing, is an automated testing method for computer programs. For various reasons, the technique has become increasingly common as a testing method. This report first describes why there is a need for a fuzzer that tests/can test several applications in a domain. It then explains the important parts of a fuzzer and how to implement one. Finally, the implemented fuzzer DWAF is tested against a number of web applications, which clearly shows that it is able to find many SQL injection and XSS bugs.

Place, publisher, year, edition, pages
2011.
Series
Kandidatexjobb CSC, K11045
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-130819
OAI: oai:DiVA.org:kth-130819
DiVA: diva2:654266
Educational program
Master of Science in Engineering - Computer Science and Technology
Uppsok
Technology
Supervisors
Examiners
Available from: 2013-10-07 Created: 2013-10-07

Open Access in DiVA

No full text

Other links

http://www.csc.kth.se/utbildning/kandidatexjobb/datateknik/2011/rapport/farahmand_mokarremi_hanif_OCH_jahanbakhsh_ashkan_K11045.pdf
By organisation
School of Computer Science and Communication (CSC)
Computer Science
