Title :
An Heuristic Method for Web-Service Program Security Testing
Author :
Zhao, Gang ; Zheng, Weimin ; Zhao, Jinjing ; Chen, Hua
Author_Institution :
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China
Abstract :
The security of the web-service program is a very significant facet in the grid computing environment. A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. How to efficiently reduce the fuzzing data scale with the assurance of high fuzzing veracity and vulnerability coverage is a very important issue for its effective practice. In this paper, aimed at the web-service program, a new heuristic method for fuzzing data generation named as H-Fuzzing is be presented, which has high program executing path coverage with the information from the static analysis and dynamic property of the program. The main thought of H-Fuzzing is collecting the information of the key branch predications and building its relations with the input variables in order to supervise the dimension reducing of the fuzzing data aggregation.
Keywords :
Web services; grid computing; heuristic programming; program diagnostics; program testing; H-Fuzzing method; Web-service program security testing; fuzzer; fuzzing data aggregation; fuzzing data generation; fuzzing data scale; fuzzing veracity; grid computing environment; heuristic method; security vulnerabilities; Automatic testing; Computer crashes; Data security; Electronic mail; Grid computing; Information analysis; Information security; Input variables; Software testing; Vehicle crash testing; control flow graph; dynamic analysis; fuzzing test; program security testing; program slicing; static analysis;
Conference_Titel :
ChinaGrid Annual Conference, 2009. ChinaGrid '09. Fourth
Conference_Location :
Yantai, Shandong
Print_ISBN :
978-0-7695-3818-1
DOI :
10.1109/ChinaGrid.2009.10
