I am conducting fuzzing-related research, and you can find my published articles and talks about that in the list below.
Published Articles
-
Posted on
Fuzzing Frameworks for Server-side Web Applications: A Survey
Most people are using web applications. Let's think from a web developer perspective. As web developers, have you ever wondered how to security test your entire web application automatically without requiring much human effort? What have researchers done to make the automated security test for the web feasible? You can find the answer in this article.
On-Going Projects
-
Posted on
LLM-assisted Grey-box Fuzzing with SQL Checking for Revealing Broken Access Control on Web Applications
In September 2024, Wordfence reported that approximately 20,000 WordPress sites were affected by a privilege escalation vulnerability caused by Broken Access Control (BAC) in the WCFM plugin (CVE-2024-8290). Even though OWASP has defined BAC as one of the most serious security risks since 2021, this risk is still under-explored. In this work, we present a novel framework that combines grey-box fuzzing and LLM-assisted analysis to systematically uncover BAC vulnerabilities in web applications.
This paper is still under-review in a top cyber security conference. Stay tuned!
Talks
-
Posted on
2nd PhD Workgroup Meeting
This meeting gathers all PhD students in the Netherlands working on cybersecurity topics. I presented my ongoing research about server-side web application fuzzing.
-
Posted on
2nd AFFECT.NL (Automated Finding, Fixing or Exploiting of seCuriTy vulnerabilities) workshop
This workshop is aimed at researchers and practioners from the Netherlands working on fuzzing or other automated - dynamic or static - techniques to find, fix or exploit security vulnerabilities in code. I presented my ongoing research about server-side web application fuzzing.