Web Vulnerability Detecting System Based On Improved Fuzzing
Web fuzzing has long been an effective method for detecting web vulnerabilities. Traditional web fuzzing methods mainly use a limited set of test cases or generate test cases according to certain rules, and some methods break the syntactic structure of the test cases, which makes web fuzzing slow and inefficient. To address this problem, this paper proposes an improved genetic algorithm and introduces the concept of preset functional units: test cases are divided into different functional units so that their semantic structure is not destroyed during crossover and mutation. Cross-site scripting (XSS) is used as an example to describe how the algorithm is implemented. Based on the proposed algorithm, a web vulnerability mining system based on improved fuzzing is designed and implemented. Experimental results show that this system generates better test cases and detects more XSS vulnerabilities.
Wu Bin, Zhou Xinshi
Computing technology, computer technology
web security, fuzzing, genetic algorithm, vulnerability detection, syntax analysis, XSS cross-site scripting
Wu Bin, Zhou Xinshi. Web Vulnerability Detecting System Based On Improved Fuzzing [EB/OL]. (2020-03-27) [2025-08-02]. http://www.paper.edu.cn/releasepaper/content/202003-304.