Publication Date

2023

Document Type

Thesis

Committee Members

Junjie Zhang, Ph.D. (Advisor); Yong Pei, Ph.D. (Committee Member); Meilin Liu, Ph.D. (Committee Member)

Degree Name

Master of Science in Cyber Security (M.S.C.S.)

Abstract

Modern web development has grown increasingly reliant on scripting languages such as PHP. The complexities of an interpreted language means it is very difficult to account for every use case as unusual interactions can cause unintended side effects. Automatically generating test input to detect bugs or fuzzing, has proven to be an effective technique for JavaScript engines. By extending this concept to PHP, existing vulnerabilities that have since gone undetected can be brought to light. While PHP fuzzers exist, they are limited to testing a small quantity of test seeds per second. In this thesis, we propose a solution for fuzzing the PHP interpreter in an intelligent and time efficient manner and present our prototype implementation PHP Fuzz. Our solution makes use of an abstract syntax tree to generate correct and meaningful test seeds with minimal user interaction. Currently, PHP Fuzz is unable to parse very complex syntax such as classes, but with future work, our system could generate test seeds covering every element of the PHP language.

Page Count

43

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2023


Share

COinS