BugBox: A Vulnerability Corpus for PHP Web Applications
Gary Nilson, Kent Wills, Jeffrey Stuckman, and James Purtilo, University of Maryland, College Park
Web applications are a rich source of vulnerabilities due to their high exposure, diversity, and popularity. Accordingly, web application vulnerabilities are useful subjects for empirical security research. Although some information on vulnerabilities is publicly available, there are no publicly available datasets that couple vulnerabilities with their source code, metadata, and exploits through an executable test environment. We describe BugBox, a corpus and exploit simulation environment for PHP web application vulnerabilities. BugBox provides a test environment and a packaging mechanism that allows for the distribution and sharing of vulnerability data. The goal is to facilitate empirical vulnerability studies, security tool evaluation, and security metrics research. In addition, the framework promotes developer education by demonstrating exploits and providing a sandbox where they can be run safely. BugBox and its modules are open source and available online, and new modules may be contributed by community members.
author = {Gary Nilson and Kent Wills and Jeffrey Stuckman and James Purtilo},
title = {{BugBox}: A Vulnerability Corpus for {PHP} Web Applications},
booktitle = {6th Workshop on Cyber Security Experimentation and Test (CSET 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/cset13/workshop-program/presentation/nilson},
publisher = {USENIX Association},
month = aug
}