CCS2024
FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache
Penghui Li, Mingxue Zhang
3 citations
Abstract
Fuzzing has shown great promise in detecting vulnerabilities in server-side web applications. In this work, we introduce a software-based data cache mechanism that complements and improves existing web application fuzzing tools. Our key observation is that a large proportion of a web application's execution time (e.g., 50%) is spent fetching data from two major sources, the database and the network, and our in-depth investigation reveals that the same data is often fetched repeatedly across fuzzing trials. We therefore design FuzzCache, which stores fetched data in software-based caches, removing the need for repeated and expensive data fetches. FuzzCache shares the cached data across fuzzing trials through inter-process shared memory segments. It is also the first work to incorporate just-in-time compilation into web application fuzzing, avoiding the overhead of interpreting PHP code at run time and further improving execution efficiency.
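The caching idea in the abstract, as an added example that is not FuzzCache's code: a cache keyed on the full request text sits between a fuzzed request handler and its database and network back ends, lives in a serialized byte segment that outlives each trial, and is invalidated whenever a trial writes to a source. FuzzCache hooks PHP's database and network APIs and uses real shared memory segments; this example is in Python, the `SharedSegment` bytearray stands in for the shared memory segment, the back ends and handler are constructed stand-ins, and the invalidate-on-write policy is a practitioner's caveat added here, not a detail the abstract states.

```python
import hashlib
import pickle
import struct

SEGMENT_SIZE = 64 * 1024  # bytes; stands in for an inter-process shared memory segment


class SharedSegment:
    """Fixed-size byte region holding a length-prefixed pickled dict.

    In FuzzCache the region is a shared memory segment visible to every
    fuzzing trial; here it is a plain bytearray (assumption) so the example
    runs anywhere. The load/save discipline is the same.
    """

    def __init__(self, size=SEGMENT_SIZE):
        self.buf = bytearray(size)
        self.save({})

    def load(self):
        (n,) = struct.unpack_from("<I", self.buf, 0)
        return pickle.loads(bytes(self.buf[4:4 + n])) if n else {}

    def save(self, table):
        blob = pickle.dumps(table)
        if 4 + len(blob) > len(self.buf):
            raise OverflowError("cache segment full")
        struct.pack_into("<I", self.buf, 0, len(blob))
        self.buf[4:4 + len(blob)] = blob


class DataCache:
    """Per-trial view over the segment: memoizes fetches by (source, request)."""

    def __init__(self, segment):
        self.segment = segment

    @staticmethod
    def key(source, request):
        # Hash the full request text so an injected variant never aliases the original.
        return source + ":" + hashlib.sha256(request.encode()).hexdigest()

    def fetch(self, source, request, fetcher):
        table = self.segment.load()
        k = self.key(source, request)
        if k not in table:
            table[k] = fetcher(request)  # the expensive path, taken once per distinct request
            self.segment.save(table)
        return table[k]

    def invalidate(self, source):
        """Drop every entry of a source after a write touched it; otherwise later
        trials would read a database state that no longer exists."""
        table = self.segment.load()
        for k in [k for k in table if k.startswith(source + ":")]:
            del table[k]
        self.segment.save(table)


class FakeBackends:
    """Constructed stand-ins for the database and the network; count real fetches."""

    def __init__(self):
        self.db = {"SELECT name FROM users WHERE id=1": [("alice",)]}
        self.posts = []
        self.http = {"https://api.example.invalid/rates": '{"usd":1.0}'}
        self.db_calls = 0
        self.http_calls = 0

    def query(self, sql):
        self.db_calls += 1
        if sql.startswith("INSERT INTO posts"):
            self.posts.append(sql)
            return []
        if sql == "SELECT COUNT(*) FROM posts":
            return [(len(self.posts),)]
        return self.db[sql]

    def get(self, url):
        self.http_calls += 1
        return self.http[url]


def handle_request(cache, backends, user_input):
    """Constructed handler: the fuzzed input varies per trial, but most of the
    data it fetches does not, which is the repetition the cache exploits."""
    name = cache.fetch("db", "SELECT name FROM users WHERE id=1", backends.query)[0][0]
    rates = cache.fetch("net", "https://api.example.invalid/rates", backends.get)
    if user_input.startswith("post="):
        # Writes bypass the cache and invalidate the source they touched.
        backends.query("INSERT INTO posts VALUES ('%s')" % user_input[5:])
        cache.invalidate("db")
    count = cache.fetch("db", "SELECT COUNT(*) FROM posts", backends.query)[0][0]
    return name, rates, count


def run_fuzz_trials(inputs):
    """One handler invocation per input, each with a fresh per-trial cache view
    over one persistent segment; returns (results, db_calls, http_calls)."""
    backends, segment = FakeBackends(), SharedSegment()
    results = [handle_request(DataCache(segment), backends, inp) for inp in inputs]
    return results, backends.db_calls, backends.http_calls


if __name__ == "__main__":
    print(run_fuzz_trials(["a", "bb", "post=x", "ccc"]))
```

Four trials that would cost nine database round trips and four network fetches without the cache cost five and one with it, and the trial after the write still observes the fresh post count because the write invalidated the database entries. Keying on the full request text matters for a fuzzer: an input that alters the SQL produces a different key and is executed for real instead of being served a cached result for the unmodified query.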