CRAXweb: Automatic web application testing and attack generation

Shih-Kun Huang, Han Lin Lu, Wai Meng Leong, Huan Liu

Research output: Contribution to conference, Paper, peer-review

18 Scopus citations


This paper proposes to test web applications and automatically generate feasible exploits, including cross-site scripting and SQL injection attacks. We test the web applications with initial random inputs by detecting symbolic queries to SQL servers or symbolic responses to HTTP servers. After symbolic outputs are detected, we are able to generate attack strings and reproduce the results, emulating manual attack behavior. In contrast with traditional detection and prevention methods, we can determine the presence of vulnerabilities and prove the feasibility of attacks. This automatic generation process is based on a dynamic software testing method, symbolic execution with S2E. We have applied this automatic process to several known vulnerabilities in large-scale open source web applications and generated the attack strings successfully. Our method is web platform independent, covering PHP, JSP, Rails, and Django, because S2E supports the whole system environment.

Original language: English
Number of pages: 10
State: Published - 9 Sep 2013
Event: 7th International Conference on Software Security and Reliability, SERE 2013 - Gaithersburg, MD, United States
Duration: 18 Jun 2013 to 20 Jun 2013


Conference: 7th International Conference on Software Security and Reliability, SERE 2013
Country/Territory: United States
City: Gaithersburg, MD


  • Web security
  • automatic exploit generation
  • symbolic execution

