Management of the Process of Web Applications Testing by the Fuzzing Method Based on Dynamic Bayesov Networks

Abstract

Nowadays, intensive research is being conducted in the field of developing effective technologies for testing web applications for vulnerabilities, one of such technologies that allowing to hold complex testing at all stages of the application life cycle is fuzzing testing. The actual direction of development this technology is the development of mathematical and software that realizes intellectual components of fuzzing, the implementation of which will significantly improve its effectiveness and resource efficiency. In article the conceptual model of the application dynamic Bayesian networks to control web application testing by fuzzing is provided. Within the framework of the constructed conceptual model, dynamic Bayesian models for the main OWASP – vulnerability classes of Web applications and corresponding algorithmic and software for testing were developed.