Domän-Webb-Applikations-Fuzzer (DWAF).
KTH, School of Computer Science and Communication (CSC).
2011 (Swedish)
Independent thesis, advanced level (professional degree), 10 credits / 15 HE credits
Student thesis
Abstract [en]

Fuzzing, or fuzz testing, is an automated testing technique for computer programs. For various reasons it has become increasingly common to use this technique. This report first describes why there is a need for a fuzzer that can test several applications in a domain. It then explains the important elements of a fuzzer and how to implement them. Finally, we test our own implementation of a fuzzer, DWAF, on a number of web applications, which clearly shows that it is able to find many SQL injection and XSS bugs.

Abstract [sv]

Fuzzing, or fuzz testing, is an automated testing method for computer programs. For various reasons the technique has become increasingly common as a testing method. This report first describes why there is a need for a fuzzer that tests, or can test, several applications in a domain. It then explains the important parts of a fuzzer and how to implement one. Finally, the implemented fuzzer DWAF is tested against a number of web applications, which clearly shows that it is able to find many SQL injection and XSS bugs.

Place, publisher, year, edition, pages
Kandidatexjobb CSC, K11045
National Category
Computer Science
URN: urn:nbn:se:kth:diva-130819
OAI: diva2:654266
Educational program
Master of Science in Engineering - Computer Science and Technology
Available from: 2013-10-07 Created: 2013-10-07

Open Access in DiVA

No full text
