Web Application Vulnerability Fuzzing Based On Improved Genetic Algorithm

摘要

Web fuzzing has always been an effective way to detect web vulnerabilities. Normally, traditional web fuzzing method mainly use limited test cases or generate test cases based on certain rules, which cause web fuzzing slow and inefficient. To solve this problem, we present improved genetic algorithm with a new mutation method to generate test cases. And the concept of preset functional units is proposed: test cases are divided into different functional units to ensure that the semantic structure will not be damaged during crossover and mutation. The experimental results show that the improved algorithm can generate better test cases than the standard genetic algorithm (SGA) and the adaptive genetic algorithm (AGA) and also detect more web vulnerabilities.