Fuzz Testing: Headstrong - Strong Opinions, Strong Results

Headstrong – Strong opinions, Strong Results

Morgan Stanley – GWM QA

Fuzz Testing
(Vibhor Aggarwal, Amit Sinha, Sonia Sharma and Esha Mishra)
Introduction

• Fuzzing is a negative software testing method that feeds a program, device or system with malformed and unexpected input data in order to find critical crash-level defects.
• Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and key loggers.
• Fuzzing is generally used as a black-box testing technique that does not require any access to the source code of the system under test.
• Tests can be conducted against any system, whether it is internally built or developed by third parties.

© Copyright 2010 Headstrong Confidential and Proprietary Information | www.headstrong.com | Page No.
Use of Fuzzing

• Fuzzing is a relatively new test automation technique for finding critical security problems in software.
• Only a year ago, it was mostly an unknown hacking technique that very few quality assurance specialists knew about.
• But now, 80% of leading service providers and device manufacturers are using or are in the process of deploying fuzzing.
• One can say that fuzzing is finally a mainstream testing technique used by all major companies building critical software and devices.

Requirement and Fuzzing

Fuzzing and Black Box Testing

There are 3 types of black-box testing:

• Feature Testing – the traditional approach of validating and verifying functionality.
• Performance Testing – looks at the efficiency of the built system.
• Robustness Testing – tests the system under invalid inputs, focusing on checking the system's stability, security and reliability.
• Fuzzing is one form of robustness testing.

Purpose of Fuzzing

• The purpose of fuzzing is to find security-critical flaws, and the timing of such tests has a heavy impact on the total cost of the software.
• Depending on which phase of the software lifecycle you focus your testing efforts on, the cost per bug will change. If you can find and fix a problem early in the product lifecycle, the cost per bug is much less than for a flaw found after the release of the software.
• All the errors or defects found using fuzzing are very real, and provide a solid metric for product security improvements.

Test Generation in Fuzzing

Two different test automation techniques are popular in fuzzing:

• The easiest method of building a fuzzer is based on re-using a test case from feature testing or performance testing, whether it is a test script or a captured message sequence, and then augmenting that piece of data with mutations, or anomalies.
• The other method of fuzzing is based on building the model from communication protocol specifications and state diagrams.

Fuzzing Adaptation Strategies

• QA usage of fuzzing in software development.
• Regression testing and product comparisons using fuzzing at test laboratories, e.g. two different parsers for the same format.
• Penetration-testing use in IT operations.
• Some users prefer random fuzzers, whereas others look for intelligent fuzzing.

Types of Bugs Found

• Fuzz testing is especially useful against large applications, where any bug affecting memory safety is likely to be a severe vulnerability. It is these security concerns that motivate the development of most fuzzers.
• Since fuzzing often generates invalid input, it is especially good at testing error-handling routines, which are important for software that does not control its input.
• It can also find unintentional differences between two versions of a program or between two implementations of the same specification.

Reproduction and Isolation

• As a practical matter, developers need to reproduce errors in order to fix them. For this reason, almost all fuzz testing makes a record of the data it manufactures, usually before applying it to the software, so that if the computer fails dramatically, the test data is preserved.
• Once a bug found through fuzzing is reproduced, it is often desirable to produce a simple test case to make the issue easier to understand and debug. A simple test case may also be faster and therefore more suitable for inclusion in a test suite that is run frequently.
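An added example (not from the slides) of both practices above: a harness that journals each input before applying it, and a greedy minimizer that shrinks a crashing case into one small enough for a bug report or regression suite. The record format, its toy parser and the crashing input are all constructed for this example.

```python
# Toy target constructed for this example (not real product code): records
# are 'R', a one-byte payload length, the payload, then one trailer byte.
# Its deliberate defect: the trailer is read at the declared offset without
# checking that the buffer is actually that long.
def parse_record(data):
    if len(data) < 2 or data[0] != ord("R"):
        raise ValueError("not a record")
    length = data[1]
    trailer = data[2 + length]  # IndexError when `length` overstates the buffer
    return data[2:2 + length], trailer

def probe(target, case):
    """Run one case; return the fault's name, or None if it ran cleanly."""
    try:
        target(case)
        return None
    except Exception as exc:
        return type(exc).__name__

def run_recorded(target, case, journal):
    """Record the case BEFORE applying it, so the input that brought the
    target down survives even if the process never returns."""
    journal.append(case)
    return probe(target, case)

def minimize(target, case, fault):
    """Greedy, ddmin-style reduction: delete chunks of the failing input as
    long as the same fault still reproduces, halving the chunk size down
    to single bytes. The result is a smaller case for the bug report and
    the regression suite."""
    chunk = len(case) // 2
    while chunk >= 1:
        i = 0
        while i < len(case):
            candidate = case[:i] + case[i + chunk:]
            if candidate and probe(target, candidate) == fault:
                case = candidate  # keep the smaller input, retry the same offset
            else:
                i += chunk
        chunk //= 2
    return case

# Constructed crashing case, as a fuzzer might have produced it: declared
# length 0x20 but only two payload bytes follow.
CRASHER = b"R\x20ab"
```

Running `minimize(parse_record, CRASHER, run_recorded(parse_record, CRASHER, []))` reduces the four-byte crasher to the two bytes that still trigger the same fault.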

Fuzz Testing Techniques

• The simplest form of fuzzing technique is sending a stream of random bits to software, either as command-line options or as randomly mutated protocol packets.
• Another common technique that is easy to implement is mutating existing input (e.g. files from a test suite) by flipping bits at random or moving blocks of the file around.
• Fuzzers can generate test cases from scratch, or they can mutate examples from test suites or real life. They can concentrate on valid or invalid input, with mostly-valid input tending to trigger the "deepest" error cases.
• Evolutionary fuzzing leverages feedback from code coverage, effectively automating the approach of exploratory testing.
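An added example (not the authors' code) of the mutation-based approach from the Test Generation slide and of the bit-flipping and block-moving techniques above: a captured message is re-used as the seed and augmented with random mutations and protocol anomalies. The seed message, its field syntax and the anomaly list are constructed for this example.

```python
import random

# Constructed seed message, standing in for a request captured during a
# feature test (fabricated for this example, not a real protocol capture).
SEED = b"HELLO user=alice len=5 data=abcde\n"

# Anomalies a mutation-based fuzzer splices into fields: boundary values,
# overlong data, format strings and bytes the protocol never expects.
ANOMALIES = [b"", b"\x00", b"\xff" * 16, b"-1", b"0", b"4294967295",
             b"%s%s%n", b"A" * 512, b"\r\n\r\n"]

def flip_random_bits(data, rng, count=3):
    """Flip `count` randomly chosen bits anywhere in the message."""
    buf = bytearray(data)
    for _ in range(count):
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)

def move_block(data, rng):
    """Cut a random block out of the message and re-insert it elsewhere."""
    buf = bytearray(data)
    start = rng.randrange(len(buf))
    end = rng.randrange(start + 1, len(buf) + 1)
    block, rest = buf[start:end], buf[:start] + buf[end:]
    at = rng.randrange(len(rest) + 1)
    return bytes(rest[:at] + block + rest[at:])

def inject_anomaly(data, rng):
    """Replace one space-delimited field (its value, if it has one) with an anomaly."""
    fields = data.rstrip(b"\n").split(b" ")
    idx = rng.randrange(len(fields))
    key, sep, _ = fields[idx].partition(b"=")
    fields[idx] = key + sep + rng.choice(ANOMALIES)
    return b" ".join(fields) + b"\n"

MUTATORS = {"flip_bits": flip_random_bits, "move_block": move_block,
            "inject_anomaly": inject_anomaly}

def generate_cases(seed, n, rng_seed=1):
    """Return n (mutator_name, test_case) pairs derived from one seed.
    Seeding the RNG makes the whole run reproducible: a case that crashes
    the target can be regenerated from the run's seed and its index."""
    rng = random.Random(rng_seed)
    out = []
    for _ in range(n):
        name = rng.choice(sorted(MUTATORS))
        out.append((name, MUTATORS[name](seed, rng)))
    return out
```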

Advantages

• Bugs found using fuzz testing are sometimes severe, exploitable bugs that could be used by a real attacker.
• Attackers can now use fuzz testing to find vulnerabilities before the developers do.
• Fuzz testing enhances software security and software safety because it often finds odd oversights and defects which human testers would fail to find.

Disadvantages

• The main problem with fuzzing to find program faults is that it generally only finds very simple faults.
• A primitive fuzzer may have poor code coverage, e.g. when the input carries a checksum that blindly mutated cases fail, so they are rejected before reaching deeper code.
• The randomness of inputs used in fuzzing is often seen as a disadvantage, as catching a boundary-value condition with random inputs is highly unlikely.
