2009-12-08

General Purpose Fuzzing

However poor the test quality of mutation-based fuzzing may be, there are practical use cases for it. Look at all the hacker tools available and you will notice that most fuzzers just grab files (jpeg, mpeg, doc, ...), traffic captures (pcap, pdml, ...) or XML-like schemas (schema, dfd, ...) and generate tests from these "specifications".

So why are traffic capture fuzzers so powerful? The reason is speed! I selected a wireless access point and listened to it using a network analyzer while it was booted up. During the boot process, I caught a number of packet traces, which I could then directly export to our brand new traffic capture fuzzer (or, in the case of XML protocols, into our XML fuzzer), and after just 5 minutes I had all tests running, and less than 100 test cases later, I had the wireless router booting for the first time.

General-purpose fuzzers expedite fuzzer creation because they automate the entire test-generation process. Test coverage is minimal compared to full model-based fuzzers, yet it more than suffices to find a few bugs in modern communication products. Highly recommended!
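As an added illustration (not code from the original post or from any fuzzer it mentions), here is a minimal mutation-based fuzzer of the kind described above: one constructed captured frame is the whole "specification", mutations are applied without any protocol knowledge, and a toy frame parser stands in for the device under test. The magic bytes, the length field and the parser are assumptions made for the example.

```python
import random

# Constructed sample capture (not from any real device): one framed request with a
# 2-byte big-endian length field, the kind of record you would carve out of a pcap.
SEED_MESSAGE = b"\xAA\x55" + (12).to_bytes(2, "big") + b"GET /status\n"
INTERESTING_BYTES = (0x00, 0x7F, 0x80, 0xFF, 0x0A, 0x0D, 0x25, 0x27)  # boundaries, delimiters, '%', "'"


class FrameError(Exception): pass  # the target's own, deliberate rejection of a frame


def mutate(seed: bytes, count: int, rng_seed: int = 1) -> list[bytes]:
    """Derive `count` test cases from one captured message; no protocol knowledge needed."""
    rng = random.Random(rng_seed)  # fixed seed so a crashing case can be regenerated
    cases = []
    for _ in range(count):
        data = bytearray(seed)
        strategy = rng.choice(("bitflip", "byteset", "truncate", "repeat"))
        if strategy == "bitflip":
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif strategy == "byteset":
            data[rng.randrange(len(data))] = rng.choice(INTERESTING_BYTES)
        elif strategy == "truncate":
            del data[rng.randrange(1, len(data)):]
        else:  # duplicate a slice so the message outgrows what its length field claims
            start = rng.randrange(len(data))
            end = rng.randrange(start + 1, len(data) + 1)
            data[end:end] = data[start:end] * rng.choice((2, 8, 64))
        cases.append(bytes(data))
    return cases


def parse_frame(msg: bytes) -> str:
    """Toy target under test: checks magic and length, then decodes the payload."""
    if len(msg) < 4 or msg[:2] != b"\xAA\x55":
        raise FrameError("bad magic")
    length = int.from_bytes(msg[2:4], "big")
    if length > len(msg) - 4:
        raise FrameError("length exceeds frame")
    return msg[4:4 + length].decode("ascii")  # non-ASCII bytes escape unhandled: a real bug


def run_campaign(seed: bytes, count: int) -> dict:
    """Feed every mutant to the target and bucket the outcomes the way a fuzzer log would."""
    stats = {"ok": 0, "rejected": 0, "unexpected": 0}
    for case in mutate(seed, count):
        try:
            parse_frame(case)
            stats["ok"] += 1
        except FrameError:
            stats["rejected"] += 1  # the target's own validation fired: expected
        except Exception:
            stats["unexpected"] += 1  # anything else is a finding worth triaging
    return stats
```

The "unexpected" bucket is what such a campaign is run for; the large "rejected" bucket is the price of having no model, which is why coverage stays minimal compared to model-based fuzzing.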
