FUZZ TESTING OF WEB APPLICATIONS
DOI:
https://doi.org/10.24867/21BE23SipovacKeywords:
fuzz testing, testing, securityAbstract
The topic of the paper is the application of fuzz testing on web applications. Tools for fuzz testing are analysed, as well as vulnerable applications from the web used for the purposes of performing fuzz tests, and demonstrations of ways to use fuzzing tools. Fuzz tests were performed on these applications, using fuzz testing tools, and the test results were analysed.
References
[1] “What is Software Testing? Definition”, Thomas Hamilton https://www.guru99.com/software-testing-introduction-importance.html
[2] “Negative Testing” https://smartbear.com/learn/automated-testing/negative-testing/
[3] “What is Negative Testing? Test cases With Example” , Thomas Hamilton
[4] “DETEKCIJA SIGURNOSNIH PROPUSTA FAZ TESTIRANJEM”, Aleksandar Nikolić, Goran Sladić, Branko Milosavljević, Zora Konjović
https://infom.fon.bg.ac.rs/index.php/infom/article/view/1551/1523
[5] “Fuzz testing”, Synopsys https://www.synopsys.com/glossary/what-is-fuzz-testing.html
[6] “Fuzzing info – the art of unexpected input engineering” https://fuzzinginfo.wordpress.com/history/
[7] “Fuzz testing” https://fuchsia.dev/fuchsia-src/contribute/testing/fuzz_testing
[8] “Code intelligence, What Is Fuzz Testing?” https://www.code-intelligence.com/what-is-fuzz-testing#FuzzTestingDefinition
[9] “Fuzzing – what is it, and why bother?” https://cytal.co.uk/fuzzing-what-is-it-and-why-bother/)
[10] https://github.com/zaproxy/zaproxy
[11] “Everything you need to know about FFUF” https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html
[12] “Web Security Testing with Burp Suite”, Dr. Sunny Wear https://www.pluralsight.com/paths/web-security-testing-with-burp-suite
[13] “What is Burp Suite?”
https://www.geeksforgeeks.org/what-is-burp-suite/
[14] https://github.com/webpwnized/mutillidae
[15] “bWapp” http://www.itsecgames.com
[16] https://github.com/digininja/DVWA
[17] https://github.com/danielmiessler/SecLists
[2] “Negative Testing” https://smartbear.com/learn/automated-testing/negative-testing/
[3] “What is Negative Testing? Test cases With Example” , Thomas Hamilton
[4] “DETEKCIJA SIGURNOSNIH PROPUSTA FAZ TESTIRANJEM”, Aleksandar Nikolić, Goran Sladić, Branko Milosavljević, Zora Konjović
https://infom.fon.bg.ac.rs/index.php/infom/article/view/1551/1523
[5] “Fuzz testing”, Synopsys https://www.synopsys.com/glossary/what-is-fuzz-testing.html
[6] “Fuzzing info – the art of unexpected input engineering” https://fuzzinginfo.wordpress.com/history/
[7] “Fuzz testing” https://fuchsia.dev/fuchsia-src/contribute/testing/fuzz_testing
[8] “Code intelligence, What Is Fuzz Testing?” https://www.code-intelligence.com/what-is-fuzz-testing#FuzzTestingDefinition
[9] “Fuzzing – what is it, and why bother?” https://cytal.co.uk/fuzzing-what-is-it-and-why-bother/)
[10] https://github.com/zaproxy/zaproxy
[11] “Everything you need to know about FFUF” https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html
[12] “Web Security Testing with Burp Suite”, Dr. Sunny Wear https://www.pluralsight.com/paths/web-security-testing-with-burp-suite
[13] “What is Burp Suite?”
https://www.geeksforgeeks.org/what-is-burp-suite/
[14] https://github.com/webpwnized/mutillidae
[15] “bWapp” http://www.itsecgames.com
[16] https://github.com/digininja/DVWA
[17] https://github.com/danielmiessler/SecLists
Downloads
Published
2023-01-08
Issue
Section
Electrotechnical and Computer Engineering
