资 源 简 介
Concept:
In this age of the excessive INTERNET-dependency, the Web browser is the most basic common unit of the Internet experience for much of the global community. Also, it is the one which is the most attacked from external agencies. Thus, it is critical to test the Browser"s ability to be secure enough. Thus, to audit the security mechanisms in place within conventional Web Browsers, we plan to use a fuzzer codenamed "FireFuzzer". A fuzzer (also known as "Fault Injectors") is a typically a tool that attempts to discover security vulnerabilities by injecting random input into the WEB application. If the program contains a vulnerability that can lead to an exception, crash or server error (in the case of web apps), it can be determined that a vulnerability has been discovered. Conventional Fuzzers are good at finding buffer overflow, DoS, SQL Injection, XSS, and Format String bugs.
Firefuzzer is expected to perform black-box scans over the web pages. It will target the web
