Analyzing web applications in order to discover possible security vulnerabilities is a complex and challenging procedure that may often produce an increased number of false positives and false negatives. This is mainly due to the fact that most modern websites use dynamic content that may affect the output that web applications produce. In this paper we discuss novel fuzzing techniques that can be used towards providing an automated black-box reversing method for web applications. These techniques focus on detecting changes in dynamic content that can produce false positives. Our goal is to identify different execution paths that an application may follow. Such information on the structure of a web application can provide insight for additional vulnerabilities that would lie undetected if traditional methods for analysis were used.
Argyros, Georgios and Papapanagiotou, Konstantinos, "Towards An Automated, Black-Box Method For Reversing Web Applications" (2009). MCIS 2009 Proceedings. 103.