AUTOMATED FUZZING BASED ON ANALYSIS OF APPLICATION EXECUTION FLOW

摘要

Described herein is a system and method for identifying a vulnerability of an application (e.g., web application). A message comprising a request and associated execution flow of the application in response to the request is received. The message is analyzed to determine whether the execution flow includes a function pre-defined as interesting. In response to determining that the execution flow includes the function pre-defined as interesting, a determination is made that the function pre-defined as interesting comprises a vulnerability of the application. In response to determining that the function pre-defined as interesting comprises a vulnerability of the application, an action is taken with respect to the vulnerability. The action can include, for example, providing information regarding the identified vulnerability and/or blocking execution of particular code of the application.