1 / 9

Website Fuzz Testing

Website Fuzz Testing Website Fuzzing Fuzz testing  or  fuzzing  is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails, the defects can be noted. Fuzzing Applications

MikeCarlo
Télécharger la présentation

Website Fuzz Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Website Fuzz Testing

  2. Website Fuzzing Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails, the defects can be noted.

  3. Fuzzing Applications Fuzz testing is often used in large software development projects that employ black-box testing. The oldest and simplest form of fuzzing, sending a stream of random bits to software, originated from Prof. Barton Miller's group at the University of Wisconsin in 1988. Another common technique that is easy to implement is mutating existing input by flipping bits at random or moving blocks of the file around. But the most successful fuzzers have detailed understanding of the format or protocol being tested.

  4. Fuzzing Results Fuzz testing reveal many different behaviors. Straight-up failures such as crashes, assertion failures, and memory leaks are easy to detect. The use of a memory debugger can help find bugs too subtle to always crash. Fuzz testing is especially useful against large C or C++ applications, where any bug affecting memory safety is likely to be a severe vulnerability.

  5. Reproducing Fuzz Errors Developers need to reproduce errors in order to fix them. For this reason, almost all fuzz testing makes a record of the data it manufactures, usually before applying it to the software, so that if the computer fails dramatically, the test data is preserved.

  6. Advantages and Disadvantages of Fuzz Testing Advantages: • Bugs found using fuzz testing are sometimes severe, exploitable bugs that could be used by a real attacker. • Attackers can now use fuzz testing to find vulnerabilities before the developers do. • Fuzz testing enhances software security and software safety because it often finds odd oversights and defects which human testers would fail to find.

  7. Advantages and Disadvantages of Fuzz Testing Disadvantages: • The main problem with fuzzing to find program faults is that it generally only finds very simple faults. • A primitive fuzzer may have poor code coverage. •  Every fuzzer can be expected to find a different set of bugs.

  8. Fuzz testing software There are many free software packages available on the internet as well as those which you may have to purchase. • Power Fuzzer (free, Open Source) • http://www.powerfuzzer.com/#documentation • Jbro Fuzz (free, open source) • http://peachfuzzer.com/WhatIsPeach • Peach Fuzzing Platform (free, open Source) http://peachfuzzer.com/WhatIsPeach And there are many more free Fuzz testing software packages

  9. References http://en.wikipedia.org/wiki/Fuzz_testing http://www.powerfuzzer.com/#documentation http://www.zerodayscan.com/ http://sourceforge.net/projects/jbrofuzz/

More Related