Why Charles Can Pen-test: an Evolutionary Approach to Vulnerability Testing

11/26/2020
by Gabriele Costa, et al.

Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, yet it compromises the security of the entire application. Even worse, vulnerabilities may manifest only in exceptional circumstances that do not occur during the normal operation of the application. It is widely recognized that state-of-the-art penetration testing tools play a crucial role, and are routinely used, in digging up vulnerabilities. Yet penetration testing is still primarily a human-driven activity, and its effectiveness still depends on the skills and ingenuity of the security analyst driving the tool. In this paper, we propose a technique for the automatic discovery of vulnerabilities in event-based systems, such as web and mobile applications. Our approach is based on a collaborative, co-evolutionary and contract-driven search strategy that iteratively (i) executes a pool of test cases, (ii) identifies the most promising ones, and (iii) generates new test cases from them. The approach combines evolutionary algorithms in which several "species" contribute to solving the problem: one species, the test species, evolves to find the target test case, i.e., the sequence of instructions whose execution leads to the vulnerable statement, whereas the other species, called contract species, evolve to select the parameters of the procedure calls needed to trigger the vulnerability. To assess the effectiveness of our approach, we implemented a working prototype and ran it against both a case study and a benchmark web application. The experimental results confirm that our tool automatically discovers and executes a number of injection-flaw attacks that are out of reach for state-of-the-art web scanners.
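The following is an added toy illustration of the search loop the abstract describes (run a pool of test cases, keep the promising ones, breed new ones, with a test species evolving event sequences and a contract species evolving call parameters). It is not the authors' prototype and not their benchmark: the target application, the parameter contracts, the milestone weights standing in for statement coverage, the quote-parity injection oracle and the GA settings are all constructed here.

```python
"""Toy collaborative co-evolutionary search for an injection flaw in an
event-based application.  Added illustration, not the paper's prototype:
the target app, contracts, milestone weights, oracle and GA settings are
all constructed for this example."""
import random

EVENTS = ["login", "open_admin", "search"]        # event handlers of the toy app
# Contract species: the typed parameter domain of each procedure call.
CONTRACTS = {
    "login": {"user": ("str", "alice")},
    "open_admin": {"role": ("enum", ["guest", "user", "admin"])},
    "search": {"q": ("str", "bob")},
}
ALPHABET = "abc' 1=-"          # mutation alphabet for string parameters
WEIGHTS = {"login_ok": 1, "admin_ok": 2, "sink": 3, "injection": 10}


def run_app(events, params):
    """Execute an event sequence against the constructed target and return
    the set of covered milestones (a stand-in for statement coverage)."""
    covered, logged_in, admin = set(), False, False
    for ev in events:
        p = params[ev]
        if ev == "login" and p["user"]:
            logged_in = True
            covered.add("login_ok")
        elif ev == "open_admin" and logged_in and p["role"] == "admin":
            admin = True
            covered.add("admin_ok")
        elif ev == "search" and admin:
            # Vulnerable statement: query built by concatenation, reachable
            # only in the exceptional login -> admin state.
            query = "SELECT * FROM users WHERE name = '" + p["q"] + "'"
            covered.add("sink")
            if query.count("'") % 2 == 1:      # oracle: string literal escaped
                covered.add("injection")
    return covered


def fitness(covered):
    return sum(WEIGHTS[m] for m in covered)


# --- test species: event sequences ---------------------------------------
def random_seq(rng, n=4):
    return [rng.choice(EVENTS) for _ in range(n)]

def mutate_seq(seq, rng):
    new = list(seq)
    i, j = rng.randrange(len(new)), rng.randrange(len(new))
    if rng.random() < 0.5:
        new[i] = rng.choice(EVENTS)           # point mutation
    else:
        new[i], new[j] = new[j], new[i]       # swap two events
    return new

def crossover_seq(a, b, rng):
    k = rng.randrange(1, len(a))
    return a[:k] + b[k:]


# --- contract species: parameter choices per procedure call --------------
def random_params(rng):
    return {ev: {name: (dom if kind == "str" else rng.choice(dom))
                 for name, (kind, dom) in spec.items()}
            for ev, spec in CONTRACTS.items()}

def mutate_params(params, rng):
    new = {ev: dict(p) for ev, p in params.items()}
    ev = rng.choice(EVENTS)
    name, (kind, dom) = rng.choice(list(CONTRACTS[ev].items()))
    if kind == "enum":
        new[ev][name] = rng.choice(dom)
    else:                                     # insert or delete one character
        s = new[ev][name]
        i = rng.randrange(len(s) + 1)
        new[ev][name] = (s[:i] + rng.choice(ALPHABET) + s[i:]
                         if rng.random() < 0.7 else s[:i] + s[i + 1:])
    return new


def coevolve(seed=1, pop=16, max_gen=1000):
    """Each species is scored against the other species' champion and one
    random partner (max of the two), so a plateau in one species does not
    freeze the other.  Returns the first (sequence, params) pair that reaches
    the vulnerable statement with an injecting parameter, or None."""
    rng = random.Random(seed)
    tests = [random_seq(rng) for _ in range(pop)]
    contracts = [random_params(rng) for _ in range(pop)]
    best_t, best_c = tests[0], contracts[0]
    for gen in range(max_gen):
        rng.shuffle(tests)                    # shuffle so ties do not freeze the champion
        tests.sort(key=lambda t: -max(fitness(run_app(t, best_c)),
                                      fitness(run_app(t, rng.choice(contracts)))))
        best_t = tests[0]
        rng.shuffle(contracts)
        contracts.sort(key=lambda c: -max(fitness(run_app(best_t, c)),
                                          fitness(run_app(rng.choice(tests), c))))
        best_c = contracts[0]
        covered = run_app(best_t, best_c)
        if "injection" in covered:
            return {"generation": gen, "events": best_t, "params": best_c, "covered": covered}
        elite_t, elite_c = tests[:pop // 4], contracts[:pop // 4]
        tests = elite_t + [mutate_seq(crossover_seq(rng.choice(elite_t), rng.choice(elite_t), rng), rng)
                           for _ in range(pop - len(elite_t))]
        contracts = elite_c + [mutate_params(rng.choice(elite_c), rng)
                               for _ in range(pop - len(elite_c))]
    return None


if __name__ == "__main__":
    print(coevolve(seed=7))
```

The two populations never share a genome: the test species only decides which handlers fire and in what order, while the contract species only decides what each handler is called with, and each is scored by running it with the other's current champion. A sequence that reaches `search` scores nothing until a contract supplies `role == "admin"`, and a quote-bearing `q` scores nothing until a sequence reaches the sink, which is exactly the dependency the collaborative evaluation is there to resolve.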

