What Is Fuzzing

Fuzz testing, or fuzzing, originally meant a simple testing technique for feeding random input to applications (see Fuzz by University of Wisconsin, 1990). Today the technique is considerably more refined. Model-based fuzzing tools have been available since 1999, from research teams such as PROTOS. Fuzzing techniques can be divided into four categories:

  1. Random fuzzing: has close to zero awareness of the tested interface.
  2. Capture-replay fuzzing: learns the protocol from templates such as traffic captures or files.
  3. Block-based fuzzing: breaks the syntax of the tested interface into blocks of data, which it semi-randomly mutates.
  4. Model-based fuzzing: builds an executable model of the protocol based on protocol specification, which it then uses for generating systematic non-random test cases.

In short, fuzzing is negative testing: generating non-conformant messages in order to crash software. The resulting failures (crashes, hangs, busy-loops, …) are studied from a risk-analysis perspective to decide whether they need to be fixed. Most such findings can also be classified as software vulnerabilities.
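As an added illustration (not part of the original post), here is a toy parser with a deliberate length-trusting bug and three of the four strategies above run against it: random input, block-based mutation of a seed message (the seed plays the role of the captured template that a capture-replay fuzzer would learn from), and a systematic, non-random model-based walk of the format. The wire format, field names and every function are constructed for this example.

```python
import random
import struct
CHECKSUM_TYPE = 2  # constructed toy wire format: 2-byte big-endian length, 1-byte type, payload
BOUNDARY = [0, 1, 0xFF, 0xFFFF]  # field values the format-aware generators try

def parse_message(data: bytes) -> tuple[int, bytes]:
    """Target under test; deliberately trusts the declared length for CHECKSUM_TYPE."""
    if len(data) < 3:
        raise ValueError("short header")  # expected rejection, not a defect
    length, mtype = struct.unpack(">HB", data[:3])
    payload = data[3:3 + length]
    if mtype == CHECKSUM_TYPE:
        _ = payload[length - 1]  # IndexError when the declared length exceeds the real payload
    return mtype, payload

def build(length: int, mtype: int, payload: bytes) -> bytes:
    return struct.pack(">HB", length & 0xFFFF, mtype & 0xFF) + payload

def random_cases(rng: random.Random, n: int):  # random fuzzing: no awareness of the format
    return (rng.randbytes(rng.randint(0, 16)) for _ in range(n))

def block_cases(rng: random.Random, seed: bytes, n: int):  # block-based: mutate one field of a seed
    length, mtype = struct.unpack(">HB", seed[:3])
    payload = seed[3:]
    mutators = (lambda: build(rng.choice(BOUNDARY), mtype, payload),
                lambda: build(length, rng.choice(BOUNDARY), payload),
                lambda: build(length, mtype, payload[:rng.randint(0, len(payload))]))
    for _ in range(n):
        yield rng.choice(mutators)()

def model_cases():  # model-based: walk the spec systematically, identical cases on every run
    return (build(declared, mtype, b"A" * actual)
            for mtype in range(4) for declared in BOUNDARY for actual in (0, 1, 4))

def run_campaign(cases) -> dict[str, int]:
    """Feed cases to the target; count failures by exception type for later risk analysis."""
    failures: dict[str, int] = {}
    for case in cases:
        try:
            parse_message(case)
        except ValueError:
            continue  # the parser's own rejection of malformed input
        except Exception as exc:
            failures[type(exc).__name__] = failures.get(type(exc).__name__, 0) + 1
    return failures

def compare(seed_value: int = 1, n: int = 1000) -> dict[str, dict[str, int]]:
    """Run all three strategies against the same target with a fixed RNG seed."""
    rng, seed = random.Random(seed_value), build(3, CHECKSUM_TYPE, b"abc")
    return {"random": run_campaign(random_cases(rng, n)),
            "block": run_campaign(block_cases(rng, seed, n)),
            "model": run_campaign(model_cases())}
```

The model-based walk hits the bug with a fixed, reproducible set of cases, while the random strategy has to stumble on a 3-byte header with type 2 and an oversized length field by chance.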
