Fuzzing is significantly evolved in analysing native code, but web applications, invariably,
have received limited attention until now. This paper designs, implements and evaluates …

Fuzz testing consists in automatically generating and sending malicious inputs to an
application in order to hopefully trigger a vulnerability. Fuzzing entails such questions as …

Universal cross-site scripting (UXSS) is a browser vulnerability, making a vulnerable
browser execute an attacker's script on any web pages loaded by the browser. UXSS is …

Black-box vulnerability scanners can miss a non-negligible portion of vulnerabilities. This is
true even for cross-site scripting (XSS) vulnerabilities, which are relatively simple to spot. In …

Black-box web application vulnerability scanners attempt to automatically identify
vulnerabilities in web applications without access to the source code. However, they do so …

Greybox fuzzing is one of the most effective approaches for detecting software
vulnerabilities. Various new techniques have been continuously emerging to enhance the …

Following the advent of the American Fuzzy Lop (AFL), fuzzing had a surge in popularity,
and modern day fuzzers range from simple blackbox random input generators to complex …

Unrestricted file upload vulnerabilities enable attackers to upload malicious scripts to a web
server for later execution. We have built a system, namely UFuzzer, to effectively and …

Server-side web applications are still predominantly implemented in the PHP programming
language. Even nowadays, PHP-based web applications are plagued by many different …

Web applications' security is critical because we share sensitive data through them
frequently, which attracts attackers who exploit their vulnerabilities. Detecting and exploiting …