Fuzzing for the masses
2008; Elsevier BV; Volume: 2008; Issue: 8 Linguagem: Inglês
10.1016/s1353-4858(08)70095-3
ISSN1872-9371
Autores Tópico(s)Information and Cyber Security
ResumoTraditionally, security testing involved using a predefined set of test data to see if any flaws could be found in a system. But no matter how much a tester thinks that data through, there will always be something missing that could turn up in the real world and cause a system failure. Fuzzing is a security testing technique in which testers throw random data at a system until the system reacts in an unpredictable way. Ari Takanen, co-founder and CTO of Codenomics, recently finished co-authoring a book on fuzzing. In this article, he describes some of the basic techniques involved, and highlights some of the different types of fuzzer that can be used to try and evaluate system security. While building a commercial fuzzing company that uses fuzzing principles to build world-leading security test tools, I have been working on a small book project with Jared DeMott (author of GPF and EFS fuzzers) and Charlie Miller (independent security evaluator). Finally, our book on fuzzing is out! 'Yet another book on fuzzing?' one may ask. Not quite.
Referência(s)