Fuzzing is a black-box software testing technique that consists of finding implementation bugs by injecting malformed or semi-malformed data in an automated fashion.
Application fuzzing
Whatever the fuzzed system is, the attack vectors lie within its I/O. For a desktop app:
- the UI (testing all the buttons sequences / text inputs)
- the command-line options
- the import/export capabilities (see file format fuzzing below)
For a web app: URLs, forms, user-generated content, RPC requests, ...
The advantage of fuzzing is that the test design is extremely simple and free of preconceptions about system behavior. The systematic or random approach lets this method find bugs that human eyes would often have missed. Moreover, when the tested system is totally closed (say, a SIP phone), fuzzing is one of the only means of reviewing its quality.
Fuzzing rests on the assumption that every program contains bugs waiting to be discovered, so a systematic approach should find them sooner or later.
Fuzzing adds another point of view to classical software testing techniques (manual code review, debugging) because of its non-human approach. It does not replace them, but it is a reasonable complement, given the limited work needed to put the procedure in place.
A fuzzer is a program that automatically injects semi-random data into a program or protocol stack and detects bugs.
The data-generation part is made of generators, and vulnerability identification relies on debugging tools. Generators usually use combinations of static fuzzing vectors (known-to-be-dangerous values) or totally random data. New-generation fuzzers use genetic algorithms to link injected data to observed impact. Such tools are not public yet.