ITB4333-DESIGN PROJECT 3
BY
VENKATRAMAN (20134018)
KARUNAKARAN K (20134013)
PRAVEEN K (20134006)
HEMANTHRAJU B (20134007)
AGENDA
• Introduction
• Problem Statement
• Motivation Needed
• Abstract
• Scope And Objectives
• Proposed Work
• System Requirement
• Methodology and Design
• Results
• Conclusion
• Future Work
• References
INTRODUCTION
• Fuzzing can take many forms, each of which is tailored for testing a particular
application type.
• The practice of fuzzing web applications to reveal common web vulnerabilities, such as
injection problems and others, is known as web application fuzzing.
• A fuzzer would try combinations of attacks such as SQLi and XSS.
• It involves inputting massive amounts of random data, called fuzz, to the test subject in an
attempt to make it crash.
PROBLEM STATEMENT
• When a web application is fuzz tested, a series of HTTP requests is
made in order to see how the programme responds to different inputs.
• The input generating technologies used by the fuzz testing tool must be supported.
• The input generating process is used with several HTTP queries.
• The tester needs the HTTP requests that will be sent to the application being tested, as well
as information on which input generation techniques to apply to specific portions of an
HTTP request.
MOTIVATION NEEDED FOR THE PROJECT
• Use fuzzing while developing web applications that might handle unreliable inputs.
• Fuzzing is a method of testing that includes feeding erroneous, unexpected, or random data to
computer software.
LITERATURE SURVEY
REVIEW 1:
REVIEW 2:
REVIEW 4:
REVIEW 6:
• HARDWARE REQUIREMENT
Hard Disk : 40 GB SSD
RAM : 8 GB RAM
Processor : Intel 5 3rd gen
METHODOLOGY & DESIGN
• The software tool is similar to risk scanners, and can detect sensitive files, directories and
subdomains.
• Fuzz scanners are tools that help capture various online issues, such as sensitive files.
• Therefore, they ensure the security of the web application by testing and capturing these
request is one of the most exploited weaknesses in web use and one of the most widely
studied.
SAMPLE CODING
CONCLUSION
• Naturally, fuzzing is not a foolproof method for finding every bug.
• The ability to hack web apps via fuzzing has some restrictions.
• The server's rate limiting is one of these restrictions.
• You might not be able to send the application a lot of payloads during a remote, black-box
interaction without being discovered by the server or exceeding some sort of rate-limit.
• This can result in testing taking longer, or it might possibly get you kicked off the service.
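How a server can discover the request burst described in this conclusion, shown as an added example that is not part of the original slides: a sliding-window check over an access log. The log lines, IP addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+')
MISS = {400, 401, 403, 404}  # statuses a path-guessing client mostly receives

def detect_fuzzing(lines, window_s=10, min_paths=8, min_miss_ratio=0.7):
    """Return {client_ip: time of first alert} for clients that, inside one
    sliding window, request >= min_paths distinct paths and get mostly misses."""
    recent, alerts = defaultdict(deque), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        ip, path, status = m.group(1), m.group(3), int(m.group(4))
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append((ts, path, status))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop requests that fell out of the window
        if ip in alerts:
            continue
        distinct = len({p for _, p, _ in q})
        miss_ratio = sum(s in MISS for _, _, s in q) / len(q)
        if distinct >= min_paths and miss_ratio >= min_miss_ratio:
            alerts[ip] = ts
    return alerts

def sample_log():
    """Constructed access log: a visitor, a client stuck on one missing file,
    and a client guessing paths (addresses are documentation ranges)."""
    t0 = datetime.strptime("01/Jan/2024:10:00:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
    def row(ip, sec, path, status):
        stamp = (t0 + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return (sec, f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 512')
    rows = [row("198.51.100.7", s, p, 200)
            for s, p in [(0, "/"), (4, "/about"), (9, "/contact")]]
    rows += [row("192.0.2.44", s, "/favicon.ico", 404) for s in range(0, 10)]
    guesses = ["/admin", "/backup.zip", "/.git/config", "/old", "/test",
               "/config.bak", "/db.sql", "/login", "/private", "/tmp"]
    rows += [row("203.0.113.9", 2 + i * 0.5, p, 200 if p == "/login" else 404)
             for i, p in enumerate(guesses)]
    return [line for _, line in sorted(rows)]

if __name__ == "__main__":
    for ip, when in detect_fuzzing(sample_log()).items():
        print(f"possible fuzzing from {ip}, first flagged at {when.isoformat()}")
```

Counting distinct paths as well as misses keeps a client that repeatedly asks for one missing file from being flagged.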
FUTURE WORK
• We aim to integrate more attack plug-ins in the future.
• In addition, the functionality of the tool can be improved.
• We are also working on setting up a website from which the fuzz tool can be
downloaded.
• While we know that fuzz scanners may be used for malicious purposes, we feel they can
assist web application developers in assessing the safety of their systems.
THANK YOU