© 2014
What is Fuzzing: The Poet, the Courier, and the Oracle

Fuzzing is well established as an excellent technique for locating vulnerabilities in software. The basic premise is to deliver intentionally malformed input to target software and detect failure. A complete fuzzer has three components. A poet creates the malformed inputs or test cases. A courier delivers test cases to the target software. Finally, an oracle detects if a failure has occurred in the target. Fuzzing is a crucial tool in software vulnerability management, both for organizations that build software as well as organizations that use software.

January 7, 2015
Jonathan Knudsen, Principal Security Engineer
Mikko Varpiola, Founder
Table of Contents

1. Fuzzing in the Context of Software Testing
1.1 Positive and Negative Testing
1.2 Software Vulnerabilities
1.3 Black, White, and Gray Box Testing
1.4 Static and Dynamic Testing
1.5 What is Fuzzing?
1.6 Zooming Out: Vulnerability Management
1.7 Zooming All the Way Out: Risk Management
2. The Poet
2.1 Random
2.2 Template
2.3 Generational
2.4 Evolutionary
3. The Courier
3.1 Network Protocol Fuzzing
3.2 File Fuzzing
3.3 API Fuzzing
3.4 User Interface Fuzzing
4. The Oracle
4.1 Types of Failures
4.2 Traditional Oracles
4.2.1 Eyeballs
4.2.2 Valid Case or Functional
4.2.3 Resource Monitoring
4.3 Advanced Oracles
4.3.1 External
4.3.2 Dynamic Binary
4.3.3 Source Code Instrumentation
4.3.4 Functional and Behavioral Checks
5. Wrap Up
1. Fuzzing in the Context of Software Testing

Fuzz testing, or fuzzing, is a type of software testing in which deliberately malformed or unexpected inputs are delivered to target software to see if failure occurs.

In this paper, we use software to mean anything that is compiled from source code into executable code that runs on some sort of processor, including operating systems, desktop applications, server applications, mobile applications, embedded system firmware, systems on a chip, and more.

When a piece of software fails accidentally due to unexpected or malformed input, it is a robustness problem.

In addition, a diverse cast of miscreants actively seeks to make software fail by delivering unexpected or malformed inputs. When software fails due to deliberate attack, it is a security problem.

A software failure that causes harm or death to humans is a safety problem.

Robustness, security, and safety are three faces of the same hobgoblin, software bugs. A bug is a mistake made by a developer; under the right conditions, the bug is triggered and the software does something it was not supposed to do. Improving robustness, security, and safety is a matter of finding and fixing bugs.
1.1 Positive and Negative Testing

Historically, software testing has focused on functionality. Does the software work the way it’s supposed to work? In functional testing, a type of positive testing, test developers create code and frameworks that deliver valid inputs to the target software and check for the correct output. For example, if we press the big red button (deliver an input), does the software turn on the city’s power grid (correct output)?

In a traditional software development methodology, the software design is a list of requirements for the target software. The test development team has a fairly straightforward task of translating the design requirements into test cases to verify that the software is performing as described in the specification.

Functional testing is certainly important—the target software must behave as expected when presented with valid inputs. However, software that is only subjected to positive testing will fail easily when released into a chaotic and hostile world.

The real world is a mess. It is full of unexpected conditions and badly formed inputs. Software must be able to deal with other software and people who will supply poorly formed inputs, perform actions in unexpected order, and generally misuse the software. Negative testing is the process of sending incorrect or unexpected inputs to software and checking for failure.

Be aware that different negative test tools will produce different results for the same test target. Each tool works differently and will test different kinds of badly formed inputs on the target software.
1.2 Software Vulnerabilities

Bugs are also known as code vulnerabilities. In the world of software, vulnerabilities come in three flavors:

1. Design vulnerabilities are problems with the design of the software itself. For example, a banking website that does not require users to authenticate has a serious design vulnerability. In general, design vulnerabilities must be hunted and killed by humans—automated tools simply do not exist at this level.

2. Configuration vulnerabilities occur when the setup of a piece of software has exposed a vulnerability. For example, deploying a database with default (factory-installed) administration credentials is a configuration vulnerability. While there are some automated tools that can assist in locating configuration vulnerabilities, much of the seek-and-destroy work must be performed by humans.

3. Code vulnerabilities are bugs. Positive testing, with manually coded test cases, can be used to find and fix bugs related to functionality. Negative testing, which can be heavily