
Sunday, February 5, 2012

How About Fuzzers and Fuzzing

Fuzzing is a black-box software testing technique which, at its core, consists of finding implementation bugs by injecting malformed or semi-malformed data in an automated fashion.
Fuzzing techniques can be divided into four broad categories:
   1. Random fuzzing: has close to zero awareness of the tested interface.
   2. Capture-replay fuzzing: learns the protocol from templates such as traffic captures or files.
   3. Block-based fuzzing: breaks the syntax of the tested interface into blocks of data, which it semi-randomly mutates.
   4. Model-based fuzzing: builds an executable model of the protocol from the protocol specification, which it then uses to generate systematic, non-random test cases.
In short, fuzzing is negative testing: generating non-conformant messages in order to crash software. The failures (crashes, hangs) are studied from a risk analysis perspective to decide whether they need to be fixed. Most discoveries can also be classified as software vulnerabilities.

A fuzzer is a program that automatically injects semi-random data into a program or stack and detects the resulting bugs.
The data-generation part is made of generators, and vulnerability identification relies on debugging tools. Generators usually use combinations of static fuzzing vectors or totally random data. A newer generation of fuzzers uses genetic algorithms to link the injected data to the observed impact; such tools are not public yet.
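To make the categories and the generator/detection split concrete, here is an added example (not from the original post): a minimal Python harness that runs a random fuzzer (category 1) and a block-based fuzzer (category 3) against a constructed toy record parser, using a short list of boundary bytes as static fuzzing vectors. The record format, the parser's bugs and the vector list are all assumptions made for illustration.

```python
import random

MAGIC = b"FZ"
SEED = b"FZ\x02\x03abc\x01x"             # constructed valid input: 2 records, "abc" and "x"
VECTORS = [0x00, 0x01, 0x7F, 0x80, 0xFF]  # static fuzzing vectors: classic boundary bytes

def parse_records(data: bytes) -> list:
    """Constructed target: <MAGIC><count>, then count x <length><payload>.
    ValueError is the intended rejection path; any other exception is a
    real implementation bug (here: no bounds checks, unchecked zero length)."""
    if data[:2] != MAGIC:
        raise ValueError("bad magic")
    count = data[2]                                # IndexError on a 2-byte input
    pos, records = 3, []
    for _ in range(count):
        length = data[pos]                         # IndexError if count lies
        payload = data[pos + 1:pos + 1 + length]
        records.append(sum(payload) // length)     # ZeroDivisionError if length == 0
        pos += 1 + length
    return records

def random_case(rng):
    """Category 1: no knowledge of the interface, just random bytes."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(1, 16)))

def block_case(rng):
    """Category 3: keep the magic block intact, mutate one other field,
    half the time with a boundary vector, half the time with a random byte."""
    buf = bytearray(SEED)
    idx = rng.randrange(2, len(buf))
    buf[idx] = rng.choice(VECTORS) if rng.random() < 0.5 else rng.randrange(256)
    return bytes(buf)

def fuzz(generator, iterations, seed=1):
    """Run the target on generated cases; keep the first input per crash class."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        case = generator(rng)
        try:
            parse_records(case)
        except ValueError:
            continue                               # expected rejection, not a bug
        except Exception as exc:                   # anything else is a finding
            crashes.setdefault(type(exc).__name__, case)
    return crashes

if __name__ == "__main__":
    for name, gen in (("random", random_case), ("block-based", block_case)):
        print(name, fuzz(gen, 500))
```

The random generator almost never gets past the magic check, so it reports nothing, while the block-based one surfaces both crash classes within a few hundred cases; that difference is the whole argument for interface awareness.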
