KameleonFuzz : evolutionary fuzzing for black-box XSS detection
- Submitting institution
-
University of Bristol
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 197615395
- Type
- E - Conference contribution
- DOI
-
10.1145/2557547.2557550
- Title of conference / published proceedings
- Proceedings of the 4th ACM Conference on Data and application security and privacy
- First page
- 37
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- March
- Year of publication
- 2014
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
3
- Research group(s)
-
B - Cybersecurity and Cryptography
- Citation count
- -
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Enhanced web application testing with a novel combination of taint inference and evolutionary computing to fuzz "web applications" for detecting different types of cross-site script (XSS, Top 10 OWASP) vulnerabilities [Felderer, M. et al. “Security Testing: A Survey.” Adv. Comput. 101 (2016) & Deepa et al J. Inf. Software. Technology (74)2016]. Contributed to EU project “DIAMONDS: Security testing” (https://itea3.org/project/diamonds.html). The tool found zero-day XSS vulnerabilities in real-world web apps [https://tinyurl.com/y9l7t5mx & https://tinyurl.com/ydaul4zt]. Subsequent presentations at key practitioner venues: BlackHat Sao Paulo, US; NoSuchCon (NSC), WASR’13, SSTIC'13, InfoCon'15. Instrumental in securing job at Apple for the lead PhD student (Duchene).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -