Website Fuzz Testing PowerPoint Presentation
PowerPoint Slideshow about 'Website Fuzz Testing' - MikeCarlo


Presentation Transcript
Website Fuzzing

Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails, the defects can be noted.

Fuzzing Applications

Fuzz testing is often used in large software development projects that employ black-box testing.

The oldest and simplest form of fuzzing, sending a stream of random bits to software, originated from Prof. Barton Miller's group at the University of Wisconsin in 1988.

Another common technique that is easy to implement is mutating existing input by flipping bits at random or moving blocks of the file around. But the most successful fuzzers have a detailed understanding of the format or protocol being tested.

Fuzzing Results

Fuzz testing reveals many different behaviors. Straight-up failures such as crashes, assertion failures, and memory leaks are easy to detect. The use of a memory debugger can help find bugs too subtle to always crash.

Fuzz testing is especially useful against large C or C++ applications, where any bug affecting memory safety is likely to be a severe vulnerability.

Reproducing Fuzz Errors

Developers need to reproduce errors in order to fix them. For this reason, almost all fuzz testing makes a record of the data it manufactures, usually before applying it to the software, so that if the computer fails dramatically, the test data is preserved.
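
Added example (not part of the original presentation): a small bit-flipping mutation fuzzer in Python, as described under Fuzzing Applications, that writes every test case to disk before running it so that a failure can be replayed later. The target `parse_record`, the seed input and all function names are constructed for illustration.

```python
import os, random

SEED = bytes([5]) + b"hello" + bytes([sum(b"hello") % 256])  # constructed sample input

# Hypothetical target under test. Record layout: [length][payload][checksum].
def parse_record(data: bytes) -> bytes:
    length = data[0]
    checksum = data[1 + length]   # defect: length is never checked against len(data)
    payload = data[1:1 + length]
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")   # clean rejection, not a defect
    return payload

def mutate(seed: bytes, rng: random.Random, flips: int = 4) -> bytes:
    """Flip `flips` randomly chosen bits in a copy of the seed."""
    buf = bytearray(seed)
    for _ in range(flips):
        bit = rng.randrange(len(buf) * 8)
        buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)

def run_one(target, data: bytes):
    """Return None if data is parsed or cleanly rejected, else the exception name."""
    try:
        target(data)
    except ValueError:
        return None               # rejecting bad input is expected behaviour
    except Exception as exc:      # anything else is an unexpected failure
        return type(exc).__name__
    return None

def fuzz(target, seed: bytes, out_dir: str, iterations: int = 300, rng_seed: int = 1988):
    """Fuzz target with mutated seeds; return [(path, exception name)] for failures."""
    rng, failures = random.Random(rng_seed), []
    for i in range(iterations):
        case = mutate(seed, rng)
        path = os.path.join(out_dir, f"case-{i:04d}.bin")
        with open(path, "wb", buffering=0) as fh:   # record the input BEFORE running it
            fh.write(case)
            os.fsync(fh.fileno())                   # on disk even if the run kills the host
        outcome = run_one(target, case)
        if outcome is None:
            os.remove(path)                         # uninteresting input, discard
        else:
            failures.append((path, outcome))        # keep the file for reproduction
    return failures

def reproduce(target, path: str):
    """Replay a saved test case and report how it fails (None if it no longer does)."""
    with open(path, "rb") as fh:
        return run_one(target, fh.read())
```

Only inputs that trigger an unexpected exception stay in `out_dir`; passing one of those paths to `reproduce` replays the exact bytes that failed.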

Advantages and Disadvantages of Fuzz Testing

Advantages:

  • Bugs found using fuzz testing are sometimes severe, exploitable bugs that could be used by a real attacker.
  • Attackers can now use fuzz testing to find vulnerabilities before the developers do.
  • Fuzz testing enhances software security and software safety because it often finds odd oversights and defects which human testers would fail to find.

Disadvantages:

  • The main problem with fuzzing to find program faults is that it generally only finds very simple faults.
  • A primitive fuzzer may have poor code coverage.
  • Every fuzzer can be expected to find a different set of bugs.
Fuzz Testing Software

Many fuzz testing packages are available on the internet; some are free and others must be purchased.

  • Power Fuzzer (free, open source): http://www.powerfuzzer.com/#documentation
  • JBroFuzz (free, open source): http://sourceforge.net/projects/jbrofuzz/
  • Peach Fuzzing Platform (free, open source): http://peachfuzzer.com/WhatIsPeach

There are many more free fuzz testing software packages.

References

http://en.wikipedia.org/wiki/Fuzz_testing

http://www.powerfuzzer.com/#documentation

http://www.zerodayscan.com/

http://sourceforge.net/projects/jbrofuzz/