Discovering Software Vulnerabilities Based on Fuzz Testing
نویسندگان
چکیده
منابع مشابه
Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing
Security vulnerabilities typically arise from bugs in input validation and in the application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal bugs. However, in the case of SCADA systems, the use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques as they work...
متن کاملAutomated Whitebox Fuzz Testing
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs and test the program on the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of a program...
متن کاملEfficient Model-based Fuzz Testing Using Higher-order Attribute Grammars
Format specifications of data input are critical to model-based fuzz testing. Present methods cannot describe the format accurately, which leads to high redundancy in testing practices. In order to improve testing efficiency, we propose a grammar-driven approach to fuzz testing. Firstly, we build a formal model of data format using higher-order attribute grammars, and construct syntax tree on t...
متن کاملInstrumented Fuzz Testing Using AIR Integers
Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. In this paper, we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions. The AIR integer model either produces a value equivalent to one that would have been obtain...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of Computers
سال: 2019
ISSN: 1796-203X
DOI: 10.17706/jcp.14.2.111-118