Published by Gary Rake. Modified over 9 years ago.
1
By Skyler Onken
2
- Who am I?
- What is Fuzzing?
- Usual Targets
- Techniques
- Results
- Limitations
- Why Fuzz?
- "Fuzzing the Web"?
- Desired Solution
- Solution
- Enumeration Engine
- Fuzzing Engine
- Client
- Demo
- Remaining Issues
- Future Improvements
- Q/A
3
Skyler Onken
- BYU-Idaho Student (CIT)
- Contingent Staff w/ LDS Church (QA)
- Penetration Tester w/ SecureGossip Initiative
- Security Trainer @ BYU-Idaho Linux User Group
- Security+, CEH, ECSA
- http://securityreliks.securegossip.com
4
OWASP Definition: “Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.” http://www.owasp.org/index.php/Fuzzing
5
Wikipedia “Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.” http://en.wikipedia.org/wiki/Fuzz_testing
6
Synonyms
- Robustness Testing
- Syntax Testing
- Negative Testing
- White-Noise Testing
7
- File Formats
- Network Protocols
- Trust Boundary Crossing Software
- Desktop Applications
- Client Software
- Web Applications
- Web Services
8
- Specification-based
- Random data
- PRNG
- Bit flipping
9
- Crashes
- Memory Leaks
- Assertion Failures
- Buffer (Stack and Heap based) Overflows
- Parsing Errors
10
- Find simple bugs
- Black-Box
- Strong dependency on seed
11
- Another point of view of testing
- If it's automated, why not?
- Recent Fuzzing Successes:
  - Apple Wireless flaw DoS (MOKB-30-11-2006)
  - Month of Browser Bugs:
    - IE: 25
    - Safari: 2
    - Firefox: 2
    - Opera: 1
    - Konqueror: 1
12
- Enumeration
  - Massively deep and expansive
  - Ajax Problem
    - Most elements can be bound to dynamic action
- Results
  - Detecting errors is difficult beyond checking return code
  - Possibly use baselines?
13
- Rune Hammersland pioneered semi-automation
- Join together enumeration and fuzzing
- The AJAX problem
- Frameworks exist, but lack functionality: Peach, Sulley, RFuzz
- Some tools exist, but not automated: Spike, WSFuzz, JBroFuzz, Wfuzz
14
- Easily and Fully Automated
- Web Applications and Services
- Reproducible Errors
- Easy Reporting
- "Fire and Forget"
- AJAX
15
- Client/Applet
- Enumeration engine
- Fuzzer
- Server
16
- Detects target type (app, soap, rest)
- Will generate variations of enumerated test cases:
  - Crawljax (applications)
    - Implements Selenium Web Driver
    - Programmatically define HTML tags to exercise
    - http://my.webapp.here/func?var1=normalValue&var2=normalValue
  - SoapUI API (services)
    - Enumerates the WSDL/WADL for operations/resources
17
Web Application Fuzzer Crawler SOAP Test Cases
18
- Modular
  - Enables intelligence
- Utilizes RC4
- Reproducible
- Handles requests and results
  - Results: != 200
  - Output to file; Database pending.
19
Fuzzing Engine Controller Module 3 Module 2 Module 1 Bad Chars Web Server
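As an added illustration of the enumeration and fuzzing engines described on slides 16 and 18 (example code, not from the FuzzOps project), the following Python sketch takes an enumerated URL with normal values, substitutes bad chars into one parameter at a time under a fixed seed so runs are reproducible, and flags responses by the "!= 200" rule plus a baseline body-size comparison (the "possibly use baselines?" idea from slide 12). The bad-char list, the `fake_server` stand-in and the drift tolerance are constructed assumptions.

```python
import random
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed inputs: the slides' placeholder URL and a small "bad chars" module.
SEED_URL = "http://my.webapp.here/func?var1=normalValue&var2=normalValue"
BAD_CHARS = ["'", '"', "<>", "\x00", "-1", "A" * 1024]

def generate_cases(url, seed=1, per_param=3):
    """Mutate one enumerated parameter at a time, the others kept at their
    normal value; the seeded PRNG makes a run reproducible."""
    rng = random.Random(seed)
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    cases = []
    for i, (name, _) in enumerate(params):
        for bad in rng.sample(BAD_CHARS, per_param):
            mutated = list(params)
            mutated[i] = (name, bad)
            cases.append((name, bad, urlunsplit(parts._replace(query=urlencode(mutated)))))
    return cases

def classify(status, body, baseline_len, tolerance=0.5):
    """The slides' '!= 200' rule, plus a body-size comparison against the
    unmutated baseline, since a 200 with a very different body can hide an error."""
    if status != 200:
        return f"status {status}"
    if abs(len(body) - baseline_len) > tolerance * baseline_len:
        return "body drift"
    return None

def run(url, send, seed=1, per_param=3):
    """send(url) -> (status, body).  Returns (param, payload, label) findings."""
    _, body = send(url)                       # unmutated request sets the baseline
    findings = []
    for name, bad, case_url in generate_cases(url, seed, per_param):
        label = classify(*send(case_url), len(body))
        if label:
            findings.append((name, bad, label))
    return findings

def fake_server(url):
    """Constructed stand-in for the target: a quote in var1 yields a 500,
    an oversized var2 yields a 200 whose body balloons."""
    q = dict(parse_qsl(urlsplit(url).query))
    if "'" in q.get("var1", ""):
        return 500, "Internal Server Error"
    if len(q.get("var2", "")) > 512:
        return 200, "x" * 5000
    return 200, "<html>ok</html>"
```

Calling `run(SEED_URL, fake_server, per_param=len(BAD_CHARS))` reports the var1 quote as a status finding and the oversized var2 as body drift, which the bare "!= 200" rule alone would miss.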
20
Java Applet
23
- JVM Memory
- Seed
- Captchas
- Automated Analysis
24
- Smarter Fuzzing
- Automated Analysis
- REST
- Dictionary Support
- DB
- http://code.google.com/p/fuzzops/