International Software Testing Conference
VERIFY 2007 Conference

ST11 Raising the Security Bar: Intelligent File Fuzzing

Edward Bonver — Symantec

Testing software for security encompasses a variety of security testing tools and techniques. One such technique is fuzzing data files: producing many variants of the original data files by mutating their contents. The goal is to make the software under test interact with the fuzzed files, in the hope of either crashing the software or making it behave unexpectedly.

Intelligent fuzzing is more sophisticated than dumb (completely random) fuzzing because it is aware of the internal data layout of the file and targets specific data blobs. The hope is that this awareness will allow the fuzzed files to bypass file integrity checks that may already be in place.

We argue that if software under test interacts with data or configuration files in any way, it is crucial to use fuzzing (more specifically, intelligent fuzzing) to test the security of the software.
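The contrast between dumb and intelligent fuzzing described above, as an added example that is not from the talk or its author: a constructed toy file format with a CRC32 trailer, where `parse` stands in for the software under test. The format, `SEED_FILE` and all function names are assumptions made for illustration.

```python
import random
import struct
import zlib

MAGIC = b"TOY1"  # constructed toy format: MAGIC | records | CRC32 trailer

def build(records):  # serialize (type, payload) records, append a valid CRC32
    body = MAGIC + b"".join(struct.pack(">BH", t, len(p)) + p for t, p in records)
    return body + struct.pack(">I", zlib.crc32(body))

def parse(data):
    """Stand-in for the software under test: integrity checks, then records."""
    if len(data) < 8 or data[:4] != MAGIC:
        raise ValueError("bad magic")
    body, (crc,) = data[:-4], struct.unpack(">I", data[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("bad checksum")
    records, pos = [], 4
    while pos < len(body):
        t, n = struct.unpack_from(">BH", body, pos)
        if pos + 3 + n > len(body):
            raise ValueError("truncated record")
        records.append((t, body[pos + 3:pos + 3 + n]))
        pos += 3 + n
    return records

def dumb_mutate(data, rng):  # layout-unaware: corrupt one random byte
    out = bytearray(data)
    out[rng.randrange(len(out))] ^= rng.randrange(1, 256)
    return bytes(out)

def smart_mutate(data, rng):  # layout-aware: new payload, rebuilt length and CRC
    records = parse(data)
    i = rng.randrange(len(records))
    records[i] = (records[i][0], rng.choice([b"", b"\x00" * 64, b"A" * 65535]))
    return build(records)

def accepted(data):  # True if the target's checks and parser accept the variant
    try:
        return parse(data) is not None
    except (ValueError, struct.error):
        return False

def compare(seed_file, n, seed=0):  # (dumb, smart) accepted counts, n variants each
    rng = random.Random(seed)
    return tuple(sum(accepted(m(seed_file, rng)) for _ in range(n))
                 for m in (dumb_mutate, smart_mutate))

SEED_FILE = build([(1, b"hello"), (2, b"\x00\x01\x02\x03")])  # constructed sample
```

Every single-byte corruption is rejected at the magic or checksum check, so dumb variants never exercise the record-handling code, while the layout-aware variants all reach it.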





Last Updated ( Monday, 30 July 2007 )