On automated form injection testing.

A set of 4 options has 24 possibilities.

Most forms have options containing upwards of 30 options.

230 is 1073741824.

I'm writing my own analyzer for testing forms and have run into the reality that testing form injections while taking option sets into consideration, is fairly impossible.

I get that I could just get input names, and test each of them without any consideration to options, but that seems like it's not really any sort of coverage at all.

It does not explore all functionality of the form to do that.

On the backend, one option being set vs. not being set could trigger an entirely different — and potentially vulnerable — code path. Just filling an option with an injection test without exhausting option configuration context, isn't really testing the form at all and is just providing surface level analysis.

My question is, does this mathematical truth mean that the vast majority, if not all commercial web vulnerability scanners, are pure bullshit when it comes to testing web applications reliant on large forms?

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s