Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fuzzing fuzz testing == fuzzing

Published byBenjamin Robbins Modified over 6 years ago

Similar presentations

Presentation on theme: "Fuzzing fuzz testing == fuzzing"— Presentation transcript:

1 Fuzzing fuzz testing == fuzzing
“The original work was inspired by being logged on to a modem during a storm with lots of line noise. And the line noise was generating junk characters that seemingly were causing programs to crash. The noise suggested the term ‘fuzz’.” --Barton Miller

2 Fuzzing Defn (IEEE Standard Glossary of Software Engineering Terminology) “The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions.” The basic idea fuzzer

3 Fuzz What to Complex data formats image, sound, video, etc. files
object code / bytecode Protocols network protocols (TCP/IP, http, key exchange, SSL, etc.) database (SQL) User-provided files

4 The basis of fuzzing… Two Types of Fuzzers test cases Mutation Fuzzers
the “dumb” fuzzers Generative Fuzzers intelligence comes with a price…

5 Why Fuzz?

6 Mutation Fuzzers Mutated User Test Case(s) fuzzer
What does the fuzzer do? bit flipping remove bit segments insert bit segments sometimes uses heuristics Example: ______

7 Generative Fuzzers User Mutated Test Case(s) fuzzer
What does the user specify? data model state model Example: ________ fuzzer Downside – complex to use

8 The Good, the Bad, & the Ugly
Test the unusual Large number of test cases Complexity of input difficult to capture Tedious configuration Correctness?

9 Some “Fuzzy” Links zzuf Fuzzer http://caca.zoy.org/wiki/zzuf
Peach Fuzzer Jester Taof (the art of fuzz testing)

Download ppt "Fuzzing fuzz testing == fuzzing"

Similar presentations

By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution.

By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution.
The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University

The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University
Copyright © Microsoft Corp 2006 Introduction to Security Testing Shawn Hernan Security Program Manager Security Engineering and Communication.

Copyright © Microsoft Corp 2006 Introduction to Security Testing Shawn Hernan Security Program Manager Security Engineering and Communication.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Introduction to MySQL Administration.  Server startup and shutdown ◦ How to manually start and stop it from the command line ◦ How to arrange an automated.

Introduction to MySQL Administration.  Server startup and shutdown ◦ How to manually start and stop it from the command line ◦ How to arrange an automated.
Fuzzing Dan Fleck CS 469: Security Engineering Sources:

Fuzzing Dan Fleck CS 469: Security Engineering Sources:
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
MSDN Webcast - SDL Process. Agenda  Fuzzing & The SDL  Integration of fuzzing  Importance of fuzzing Michael Eddington Déjà vu Security

MSDN Webcast - SDL Process. Agenda  Fuzzing & The SDL  Integration of fuzzing  Importance of fuzzing Michael Eddington Déjà vu Security
MICHAEL EDDINGTON Advanced Fuzzing with Peach 2.

MICHAEL EDDINGTON Advanced Fuzzing with Peach 2.
Data Structure & File Systems Hun Myoung Park, Ph.D., Public Management and Policy Analysis Program Graduate School of International Relations International.

Data Structure & File Systems Hun Myoung Park, Ph.D., Public Management and Policy Analysis Program Graduate School of International Relations International.
1 An Extensible Videoconference Tool for a Collaborative Computing Network Junjun He.

1 An Extensible Videoconference Tool for a Collaborative Computing Network Junjun He.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.

Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.
Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Department of Computer Science & Engineering College of Engineering.

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Department of Computer Science & Engineering College of Engineering.
Lesson 2 — The Internet and the World Wide Web

Lesson 2 — The Internet and the World Wide Web
DE Streaming Strategies. Downloaded Segments There are three common ways that you can use downloaded video segments: Standalone files: Just double-click.

DE Streaming Strategies. Downloaded Segments There are three common ways that you can use downloaded video segments: Standalone files: Just double-click.
SRS PRESENTATION Ronen Mendezitsky & Alon Weiss Website Protection System.

SRS PRESENTATION Ronen Mendezitsky & Alon Weiss Website Protection System.
Software Security Testing Vinay Srinivasan cell: +91 9823104620.

Software Security Testing Vinay Srinivasan cell:
Learningcomputer.com SQL Server 2008 Configuration Manager.

Learningcomputer.com SQL Server 2008 Configuration Manager.
1 Web Development & Design Foundations with XHTML Chapter 1 Key Concepts.

1 Web Development & Design Foundations with XHTML Chapter 1 Key Concepts.
Standard Grade Presentations & Multimedia. Presentation & Multimedia Software Allows the user to set up exciting and attractive documents which helps.

Standard Grade Presentations & Multimedia. Presentation & Multimedia Software Allows the user to set up exciting and attractive documents which helps.

Similar presentations

Ads by Google