Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program
The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks
A black-box software testing technique which consists of finding implementation bugs by injecting malformed/semi-malformed data in an automated fashion
Types of fuzzers
generation-based or mutation-based, depending on whether inputs are generated from scratch or by modifying existing inputs
dumb or smart, depending on whether the fuzzer is aware of the input structure
white-, grey-, or black-box, depending on whether the fuzzer is aware of the program structure
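The generation/mutation and dumb/smart axes above can be seen side by side in one harness. The following is an added example, not code from the original notes: a constructed binary record format with a deliberately planted out-of-bounds index, a dumb mutation-based fuzzer that overwrites random bytes of a valid seed, and a smart generation-based fuzzer that knows the format and emits structurally valid records with random contents. The record layout and every name (parse_record, mutate, generate, campaign, first_crash) are assumptions made for this illustration.

```python
import random
import struct
from collections import Counter

MAGIC = b"RC"
TYPE_TEXT, TYPE_INDEXED = 1, 2


def xor_checksum(payload: bytes) -> int:
    c = 0
    for b in payload:
        c ^= b
    return c


def build_record(rtype: int, payload: bytes) -> bytes:
    """Assemble a valid record: magic 'RC' | type | length (big-endian u16) | payload | xor checksum."""
    return MAGIC + bytes([rtype]) + struct.pack(">H", len(payload)) + payload + bytes([xor_checksum(payload)])


def parse_record(data: bytes) -> dict:
    """Constructed target parser for the record format above."""
    if len(data) < 6 or data[:2] != MAGIC:
        raise ValueError("bad magic or truncated header")
    rtype = data[2]
    (length,) = struct.unpack(">H", data[3:5])
    payload = data[5:5 + length]
    if len(payload) != length or len(data) != 6 + length:
        raise ValueError("length field does not match payload")
    if xor_checksum(payload) != data[-1]:
        raise ValueError("checksum mismatch")
    if rtype == TYPE_TEXT:
        return {"type": "text", "text": payload.decode("latin-1")}
    if rtype == TYPE_INDEXED:
        # Planted defect: payload[0] is used as an index without a bounds check,
        # so an out-of-range offset (or an empty payload) raises IndexError.
        offset = payload[0]
        return {"type": "indexed", "value": payload[1 + offset]}
    raise ValueError("unknown record type")


SEED_INPUT = build_record(TYPE_TEXT, b"hello")   # a known-good input for the mutation fuzzer


def run_one(data: bytes) -> str:
    """Run the target on one input and classify the outcome."""
    try:
        parse_record(data)
        return "ok"
    except ValueError:
        return "rejected"              # the parser's own validation: expected, not a bug
    except Exception as exc:           # anything else escaping the parser counts as a crash
        return "crash:" + type(exc).__name__


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Dumb, mutation-based: overwrite 1-3 random bytes of the seed with no knowledge of the format."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def generate(rng: random.Random) -> bytes:
    """Smart, generation-based: emits a structurally valid record with random field contents."""
    rtype = rng.choice([TYPE_TEXT, TYPE_INDEXED])
    payload = bytes(rng.randrange(256) for _ in range(rng.randint(0, 16)))
    return build_record(rtype, payload)


def campaign(make_input, iterations: int, seed: int = 1) -> Counter:
    """Run `iterations` inputs drawn from make_input(rng) and tally the outcomes."""
    rng = random.Random(seed)
    return Counter(run_one(make_input(rng)) for _ in range(iterations))


def first_crash(make_input, max_iterations: int, seed: int = 1):
    """Return (iteration, input) of the first crash, or None if none occurs within the budget."""
    rng = random.Random(seed)
    for i in range(max_iterations):
        data = make_input(rng)
        if run_one(data).startswith("crash"):
            return i, data
    return None


if __name__ == "__main__":
    dumb = lambda rng: mutate(SEED_INPUT, rng)
    print("dumb  :", campaign(dumb, 2000), first_crash(dumb, 2000))
    print("smart :", campaign(generate, 2000), first_crash(generate, 2000))
```

The dumb fuzzer spends almost every iteration being rejected by the magic, length and checksum checks, because a random byte change nearly always breaks one of them; it can still reach the defect, but only when the single byte it changes happens to be the type field. The smart fuzzer passes those checks by construction and therefore hits the planted bug in a handful of iterations, which is the practical reason structure-aware fuzzers are used for formats with checksums or other consistency constraints.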
Why
detect and prevent different kinds of bugs:
detect memory-related errors, such as buffer overflows and use-after-free
detect race conditions and deadlocks
detect undefined behavior
detect memory leaks
check control-flow integrity
Advantages
finds the most serious security faults or defects
provides the best testing results
one of the most cost-effective testing techniques
identifies vulnerabilities exploitable through buffer overflows, DoS (Denial of Service), SQL injection and cross-site scripting
can close off the attacker's opportunities entirely
When
History: fuzzing originated at the University of Wisconsin-Madison in 1989 with Professor Barton Miller and his students
as early as possible in the development cycle
continuous fuzzing: keep fuzzing running as the code changes
How
A fuzzer is a program which automatically injects semi-random data into a program/stack and detects bugs
Attack types
numbers (signed/unsigned integers, floats…)
chars (URLs, command-line inputs)
metadata: user-supplied text fields (e.g. ID3 tags)
pure binary sequences
A common approach to fuzzing
use “known-to-be-dangerous values” (fuzz vectors)
for integers: zero, negative values, very large numbers
for chars: escape sequences and characters/instructions the target may interpret (e.g. for SQL requests: quotes, commands…)
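The fuzz-vector approach applied to a small request handler, covering both the integer and the character classes above. This is an added example and not from the original notes: a constructed SQLite-backed handler with two planted defects (a string-built query and an unchecked divisor) is driven with "known-to-be-dangerous" values in each field while the other fields stay benign, then a hardened version of the same handler is run against the same vectors. The handler names, the table schema, the BadRequest exception and the vector lists are assumptions made for this illustration.

```python
import sqlite3

# Constructed lists of "known-to-be-dangerous" values, one per input class.
INT_VECTORS = ["0", "-1", "1", "2147483648", "-9223372036854775809",
               "99999999999999999999", "", "NaN", "1e3"]
CHAR_VECTORS = ["", "'", '"', "\\", "%", "\x00", "A" * 4096]
BASELINE = {"page": "1", "per_page": "20", "name": "a"}   # benign values for the untouched fields


class BadRequest(Exception):
    """Raised by a handler for input it deliberately rejects; the harness treats it as expected."""


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",), ("carol",)])
    return conn


def handle_vulnerable(params: dict, conn: sqlite3.Connection) -> dict:
    """Constructed target with two planted defects: an unchecked divisor and a string-built query."""
    page = int(params["page"])               # ValueError on non-numeric input escapes uncaught
    per_page = int(params["per_page"])
    total = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    pages = total // per_page                # per_page == "0" -> ZeroDivisionError
    offset = (page - 1) * per_page
    name = params["name"]
    sql = (f"SELECT name FROM users WHERE name LIKE '{name}%' "
           f"LIMIT {per_page} OFFSET {offset}")
    rows = conn.execute(sql).fetchall()      # a quote in name breaks the SQL -> OperationalError
    return {"pages": pages, "rows": rows}


def handle_hardened(params: dict, conn: sqlite3.Connection) -> dict:
    """Same feature with validated integers, bounded strings and a parameterized query."""
    try:
        page = int(params["page"])
        per_page = int(params["per_page"])
    except ValueError as exc:
        raise BadRequest("page and per_page must be integers") from exc
    if not (1 <= page <= 10_000 and 1 <= per_page <= 100):
        raise BadRequest("page or per_page out of range")
    name = params["name"]
    if len(name) > 64 or not name.isprintable():
        raise BadRequest("name too long or contains control characters")
    total = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    pages = -(-total // per_page)            # ceiling division; per_page is known to be >= 1
    offset = (page - 1) * per_page
    rows = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? LIMIT ? OFFSET ?",
        (name + "%", per_page, offset),
    ).fetchall()
    return {"pages": pages, "rows": rows}


def fuzz(handler, conn: sqlite3.Connection) -> list:
    """Inject each vector into each field (other fields benign) and record every unexpected exception."""
    vectors = {"page": INT_VECTORS, "per_page": INT_VECTORS, "name": CHAR_VECTORS}
    findings = []
    for field, values in vectors.items():
        for value in values:
            params = dict(BASELINE, **{field: value})
            try:
                handler(params, conn)
            except BadRequest:
                pass                         # explicit rejection is the intended outcome
            except Exception as exc:
                findings.append((field, value, type(exc).__name__))
    return findings


if __name__ == "__main__":
    for handler in (handle_vulnerable, handle_hardened):
        print(handler.__name__)
        for field, value, error in fuzz(handler, make_db()):
            print(f"  {field}={value[:16]!r:<20} -> {error}")
```

The harness treats any exception other than the handler's own BadRequest as a finding, which is the monitoring step from the definition above: an unhandled ZeroDivisionError or ValueError would surface as a server error, and an OperationalError triggered by a quote shows that user text reaches the SQL parser unescaped. The hardened handler reports no findings against the same vectors; note that the LIKE wildcards % and _ still pass through as data, which is a logic concern rather than a crash and so is outside what this harness detects.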