Fuzz Testing: Headstrong - Strong Opinions, Strong Results

Fuzz Testing

Uploaded by

ursonlyparth
Copyright
© Attribution Non-Commercial (BY-NC)

Headstrong – Strong opinions, Strong Results

Morgan Stanley – GWM QA

Fuzz Testing
(Vibhor Aggarwal, Amit Sinha, Sonia Sharma and Esha Mishra)
Introduction

• Fuzzing is a negative software testing method that feeds a
program, device or system with malformed and unexpected
input data in order to find critical crash-level defects.
• Fuzz testing is less effective for dealing with security threats
that do not cause program crashes, such as spyware, some
viruses, worms, Trojans and key loggers.
• Fuzzing is generally used as a black-box testing technique
that does not require any access to the source code of the
system under test.
• Tests can be conducted against any system, whether it is
internally built, or developed by third parties.

© Copyright 2010 Headstrong Confidential and Proprietary Information | www.headstrong.com | Page No.
Use of Fuzzing

• Fuzzing is a relatively new test automation technique for finding
critical security problems in software.
• Only a year ago, it was mostly an unknown hacking technique
that very few quality assurance specialists knew about.
• But now, 80% of leading service providers and device
manufacturers are using or are in the process of deploying fuzzing.
• One can say that fuzzing is finally a mainstream testing technique
used by all major companies building critical software and
devices.

Requirement and Fuzzing

Fuzzing and Black Box Testing

There are 3 types of black-box testing:

• Feature Testing - It is the traditional approach of validating
and verifying functionality.
• Performance Testing - It looks at the efficiency of the built
system.
• Robustness Testing - It tests the system under invalid
inputs, focusing on checking the system stability, security
and reliability.
• Fuzzing is one form of robustness testing.

Purpose of Fuzzing

• The purpose of fuzzing is to find security-critical flaws, and
the timing of such tests has a heavy impact on the total
cost of the software.
• Depending on which phase of the software lifecycle you
focus your testing efforts on, the cost per bug will change. If
you can find and fix a problem early in the product
lifecycle, the cost per bug is much less compared to a flaw
found after the release of the software.
• All the errors or defects found using fuzzing are very real,
and provide a solid metric for product security
improvements.

Test Generation in Fuzzing

Two different test automation techniques are popular in
fuzzing:
• The easiest method of building a fuzzer is based on
re-using a test case from feature testing or performance
testing, whether it is a test script or a captured message
sequence, and then augmenting that piece of data with
mutations, or anomalies.
• The other method of fuzzing is based on building the
model from communication protocol specifications and
state-diagrams.

Fuzzing Adaptation Strategies

• QA usage of fuzzing in software development.
• Regression testing and product comparisons using
fuzzing at test laboratories, e.g. 2 different parsers.
• Penetration testing use in IT operations.
• Some users prefer random fuzzers whereas others
look for intelligent fuzzing.

Types of Bugs Found

• Fuzz testing is especially useful against large
applications, where any bug affecting memory safety is
likely to be a severe vulnerability. It is these security
concerns that motivate the development of most
fuzzers.
• Since fuzzing often generates invalid input, it is
especially good at testing error-handling routines,
which are important for software that does not control
its input.
• It can also find unintentional differences between two
versions of a program or between two
implementations of the same specification.

Reproduction and Isolation

• As a practical matter, developers need to reproduce
errors in order to fix them. For this reason, almost all
fuzz testing makes a record of the data it
manufactures, usually before applying it to the
software, so that if the computer fails dramatically, the
test data is preserved.
• Once a bug found through fuzzing is reproduced, it is
often desirable to produce a simple test case to make
the issue easier to understand and debug. A simple
test case may also be faster and therefore more
suitable for inclusion in a test suite that is run
frequently.

Fuzz Testing Techniques

• The simplest form of fuzzing technique is sending a stream of random
bits to software, either as command line options or randomly mutated
protocol packets.
• Another common technique that is easy to implement is mutating
existing input (e.g. files from a test suite) by flipping bits at random or
moving blocks of the file around.
• Fuzzers can generate test cases from scratch, or they can mutate
examples from test suites or real life. They can concentrate on valid or
invalid input, with mostly-valid input tending to trigger the "deepest"
error cases.
• Evolutionary fuzzing leverages feedback from code coverage,
effectively automating the approach of exploratory testing.
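
The mutation technique above and the record-then-simplify practice from the Reproduction and Isolation slide fit together in one small harness. The following is an added example, not part of the original slides: it flips a bit or moves a block in a seed message, writes every case to disk before running it, and shrinks the crashing input. The tag/length/value format, the `parse` target with its planted bug, and all names are constructed for illustration.

```python
import pathlib
import random

SEED = b"\x01\x04ABCD\x02\x02\x00\x10"  # constructed: two tag/length/value records

def parse(msg: bytes) -> int:
    """Toy TLV parser standing in for the system under test (constructed)."""
    i = total = 0
    while i < len(msg):
        if i + 2 > len(msg):
            raise ValueError("truncated header")   # deliberate, clean rejection
        tag, length = msg[i], msg[i + 1]
        value = msg[i + 2:i + 2 + length]
        if tag == 0x02:
            total += (value[0] << 8) | value[1]    # planted bug: length unchecked
        i += 2 + length
    return total

def crashes(data: bytes) -> bool:
    try:
        parse(data)
    except Exception as exc:
        return not isinstance(exc, ValueError)     # ValueError = handled rejection
    return False

def mutate(data: bytes, rng: random.Random) -> bytes:
    buf = bytearray(data)
    if rng.random() < 0.5:                         # flip one bit at random
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    else:                                          # move a block: rotate at a cut
        cut = rng.randrange(1, len(buf))
        buf = buf[cut:] + buf[:cut]
    return bytes(buf)

def fuzz(rounds: int, seed: int, log_dir: str):
    rng = random.Random(seed)
    for n in range(rounds):
        case = mutate(SEED, rng)
        path = pathlib.Path(log_dir) / f"case_{n:05d}.bin"
        path.write_bytes(case)                     # record BEFORE running the target
        if crashes(case):
            return path                            # None if no round crashes

def minimize(data: bytes) -> bytes:
    i = 0
    while i < len(data):
        shorter = data[:i] + data[i + 1:]          # try dropping one byte
        data, i = (shorter, i) if crashes(shorter) else (data, i + 1)
    return data
```

Calling `fuzz(2000, 1, some_directory)` returns the path of the first saved case that crashes `parse`; passing its bytes to `minimize` yields a shorter reproducer suited to a frequently run test suite.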

Advantages

• Bugs found using fuzz testing are sometimes severe, exploitable
bugs that could be used by a real attacker.
• Attackers can now use fuzz testing to find vulnerabilities before
the developers do.
• Fuzz testing enhances software security and software
safety because it often finds odd oversights and defects which
human testers would fail to find.

Disadvantages

• The main problem with fuzzing to find program faults is that it
generally only finds very simple faults.
• A primitive fuzzer may have poor code coverage, e.g. on input
that carries a checksum.
• The randomness of inputs used in fuzzing is often seen as a
disadvantage, as catching a boundary value condition with
random inputs is highly unlikely.
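
Why a checksum hurts a primitive fuzzer, as an added example that is not part of the original slides: the toy target below drops any frame whose CRC32 does not match, so blindly flipped bits never get past the check, while a fuzzer that recomputes the checksum after mutating reaches the parser behind it. The frame layout, `depth_reached` and the sample payload are constructed assumptions.

```python
import random
import struct
import zlib
from collections import Counter

PAYLOAD = b"USER=alice;ROLE=admin"        # constructed sample record

def frame(payload: bytes) -> bytes:
    """Constructed wire format: payload followed by its big-endian CRC32."""
    return payload + struct.pack(">I", zlib.crc32(payload))

def depth_reached(msg: bytes) -> int:
    """Toy target: 0 = dropped at checksum, 1 = parse error, 2 = fully parsed."""
    if len(msg) < 4:
        return 0
    payload, (crc,) = msg[:-4], struct.unpack(">I", msg[-4:])
    if zlib.crc32(payload) != crc:
        return 0                          # nothing behind this line was exercised
    fields = payload.split(b";")
    return 2 if all(b"=" in f for f in fields) else 1

def flip_bit(data: bytes, rng: random.Random) -> bytes:
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)

def run(rounds: int, checksum_aware: bool, seed: int = 0) -> Counter:
    """Tally how deep each mutated frame gets into the target."""
    rng, tally = random.Random(seed), Counter()
    for _ in range(rounds):
        if checksum_aware:
            case = frame(flip_bit(PAYLOAD, rng))      # mutate, then repair the CRC
        else:
            case = flip_bit(frame(PAYLOAD), rng)      # primitive: mutate raw bytes
        tally[depth_reached(case)] += 1
    return tally

if __name__ == "__main__":
    print("primitive:     ", dict(run(1000, False)))
    print("checksum-aware:", dict(run(1000, True)))
```

CRC32 detects every single-bit change, so the primitive run only ever exercises the checksum validation, whereas the checksum-aware run reaches both the parser's error path and its success path.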
