A browser fuzzy test method based on AST mutation

A technology of fuzz testing and browsers, which is applied in software testing/debugging, instrumentation, error detection/correction, etc. It can solve problems such as fuzzing testing for one month or more, difficult fuzzing testing browser vulnerabilities, etc., and achieves the goal of improving efficiency Effect

Active Publication Date: 2019-03-08
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF3 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem solved by the present invention is that in the prior art, the current browsers have repaired the loopholes detected by fuzzing and have implemented some protection mechanisms at the browser level, so that the current single fuzzing method is relatively difficult to fuzz. Test browser vulnerabilities, and even if there are vulnerabilities, it may take a month or more to find out the problem of fuzzing, and then provide an optimized browser fuzzing method based on AST mutation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0019] The invention relates to a browser fuzz testing method based on AST mutation.

[0020] The verification test is an indicator for the user to propose performance requirements and expansion requirements.

[0021] In the present invention, the verification test is Proof of Concept, which is a popular verification test for specific applications of customers in the industry. According to the user's performance requirements and expansion requirements for the adopted system, real data is run on the selected server. Carry out actual calculation of the amount of user data and running time, and increase the amount of data according to the needs of future business expansion of users to verify the carrying capacity and performance changes of the system and platform.

[0022] The method includes the foll...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a browser fuzzy test method based on AST mutation. By parsing a validation test sample of vulnerabilities in older browsers into an AST syntax tree, new AST syntax tree is obtained after AST syntax mutation, and by reparsing to generate new validation test samples, the browser loads the new validation test samples to monitor the browser's running. If the browser crashes, the validation test samples at the crash time are collected and uploaded to the WEB server, and the validation test samples at the run time are deleted. Otherwise, the validation test samples at the run time are deleted. The method of the invention can mutate the original verifiability test sample, regenerate the new verifiability test sample, let the browser run, monitor the state of the browser,collect the verifiability test sample that causes the browser to collapse, thereby greatly improving the efficiency of the browser fuzzy test and the efficiency of the vulnerability mining.

Description

technical field [0001] The invention relates to the technical field of error prevention through software testing or debugging, in particular to a browser fuzzing testing method based on AST mutation which improves the efficiency of loophole mining. Background technique [0002] Fuzzing is a method of discovering software vulnerabilities by providing unexpected input to the target system and monitoring abnormal results, that is, using automated or semi-automated methods to repeatedly provide input to applications. [0003] Fuzzers for fuzz testing are divided into two categories, one is mutation-based fuzzers, which are created by mutating existing data samples, and the other is based on generating A (generation-based) fuzzer models the protocol or file format used by the system under test, generates inputs based on the model, and creates test cases accordingly. [0004] In the prior art, the fuzzing test of the browser is mostly carried out on the DOM tree or the Javascript...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
CPCG06F11/3644G06F11/366
Inventor 姚志华范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap