The future of grey-box fuzzing

Author

  • Isak Hjelt
Abstract

Society is becoming more dependent on software, and more artifacts are being connected to the Internet each day[31]. This makes the work of tracking down vulnerabilities in software a moral obligation for software developers. Because manual testing is expensive[7], automated bug-finding techniques are attractive within the quality assurance field, since they can save companies a lot of money. This thesis summarizes the research on an automated bug-finding technique called grey-box fuzzing, with the goal of saying something about its future. Grey-box fuzzing is a breed of fuzzing, where the basic concept of fuzzing is to provide random data as input to an application in order to test it for bugs. To portray the current state of grey-box fuzzing, two tools which are relevant to the current research will be presented and discussed. A definition of what grey-box fuzzing is will also be extracted from the research papers by looking at what they all have in common. Combining fuzzing with symbolic execution and combining it with dynamic taint analysis are two of the approaches which this work has identified and discussed, and it argues that dynamic taint analysis is more promising for the future. Lastly, the trend within fuzzing is predicted to go more towards the grey-box style of fuzzing, which leads to grey-box fuzzing rising in popularity.


Similar resources

How I Evolved your Fuzzer: Techniques for Black-Box Evolutionary Fuzzing

Fuzz testing is an active testing technique which consists in automatically generating and sending malicious inputs to an application in order to hopefully trigger a vulnerability. Fuzzing entails such questions as: Where to fuzz? Which parameter to fuzz? What kind of anomaly to introduce? Where to observe its effects? etc. Different test contexts depending on the degree of knowledge assumed ab...


Detection and Mitigation of Web Application Vulnerabilities Based on Security Testing

The paper proposes a security testing technique to detect known vulnerabilities of web applications using both static and dynamic analysis. We also present a process to improve the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and address a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fu...


SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZEr

Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzing has many advantages in terms of simplicity and effectiveness over more complex, expensive testing approaches. Unfortunately, current fuzzing tools suffer from a number of limitations, and, in particular, they provide little support for the fuzzing of stateful protocols. In this paper, we present SNOOZE, ...


A Grey Box Neural Network Model of Basal Ganglia for Gait Signal of Patients with Huntington Disease

Introduction: Huntington disease (HD) is a progressive neurodegenerative disease which affects the movement control system of the brain. HD symptoms lead to changes in the patient's gait and influence stride time intervals. In this study, we present a grey box mathematical model to simulate HD disorders. This model contains main physiological findings about BG. Methods: We used artificial n...


Model-Based API Testing for SMT Solvers

Verification back ends such as SMT solvers are typically highly complex pieces of software with performance, correctness and robustness as key requirements. Full verification of SMT solvers, however, is difficult due to their complex nature and still an open question. Grammar-based black-box input fuzzing proved to be effective to uncover bugs in SMT solvers but is entirely input-based and rest...



Publication date: 2017