August 15, 2017
Your Complete Guide to Fuzzing
What is fuzzing?

A black box software testing technique, fuzzing is a more refined version of trial and error, used to discover coding errors and security vulnerabilities in software. It involves feeding large amounts of random data, known as 'fuzz', into the target program until one of those permutations reveals a vulnerability. If a vulnerability is found, a software tool called a fuzzer can be used to identify potential causes.

Although an older process, fuzzing is used by hackers and defenders alike. Professor Barton Miller and his students developed this powerful tool for both exploitation and defense at the University of Wisconsin-Madison in 1989. It is important to recognize that fuzzing can be used both by security professionals as a means of protecting against exploits and by hackers seeking vulnerabilities to exploit.

Fuzzing, which is a relatively low-budget way of conducting a security audit and is commonly used even by the largest organizations, such as Amazon and Google, has grown in popularity since its inception.

The purpose of fuzzing relies on the assumption that every program contains bugs and that those bugs are just waiting to be discovered. A systematic or random approach will help testers find them.
Why use fuzzing?

According to TechTarget, "Fuzzers work best for discovering vulnerabilities that can be exploited by buffer overflow, DOS (denial of service), cross-site scripting and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers."

The systematic/random approach taken with fuzzing allows users to find bugs that would often have been missed by human eyes. When the tested system is totally closed, fuzzing is one of the only means of reviewing its quality.

Generally speaking, fuzzing is low budget, simple to conduct, and can reveal serious defects that would otherwise be overlooked. While it does not provide a full picture of an organization's or network's security, it can be effective in black box testing, debugging and even beta testing.
What is an example of fuzzing?

A common approach to fuzzing is to define lists of 'known-to-be-dangerous values' (fuzz vectors) for each type, and to inject them or recombinations of them:

- for integers: zero, possibly negative or very big numbers
- for chars: escaped, interpretable characters / instructions (e.g. for SQL requests, quotes / commands...)
- for binary: random ones
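As an added example (not code from the original article), the three vector lists above turned into a small Python harness: per-type fuzz vectors are recombined with itertools.product and fed to a constructed toy target, parse_record, whose two planted bugs are hypothetical; only exceptions the parser does not document count as findings.

```python
import itertools
import random

# Fuzz vectors per type, following the article's three categories (constructed lists).
INT_VECTORS = [0, -1, 1, 2**31 - 1, -2**31, 2**63, -2**63 - 1]
CHAR_VECTORS = ["", "'", "\"", "\\", "' OR 1=1 --", ";", "\x00", "%s", "A" * 1024]


def binary_vectors(count=3, length=16, seed=1):
    """Random byte strings; a fixed seed keeps a crashing run reproducible."""
    rng = random.Random(seed)
    return [bytes(rng.randrange(256) for _ in range(length)) for _ in range(count)]


def parse_record(length_field, name, payload):
    """Constructed target under test (hypothetical): a record parser with two bugs
    that the vectors should surface, a negative length and an empty name."""
    if length_field > len(payload):
        raise ValueError("length exceeds payload")   # documented rejection, not a bug
    tag = name[0]                                      # bug 1: empty name -> IndexError
    chunk = payload[:length_field]                     # negative length silently accepted
    checksum = sum(chunk) % (length_field + 1)         # bug 2: length -1 -> ZeroDivisionError
    return tag, chunk, checksum


def fuzz(target, ints, chars, bins):
    """Drive the target with every recombination of the per-type vectors and collect
    unexpected exceptions; the parser's own ValueError is expected behaviour."""
    findings = []
    for case in itertools.product(ints, chars, bins):
        try:
            target(*case)
        except ValueError:
            continue
        except Exception as exc:  # any undocumented exception is a finding to triage
            findings.append((case, type(exc).__name__))
    return findings


if __name__ == "__main__":
    for (i, c, b), err in fuzz(parse_record, INT_VECTORS, CHAR_VECTORS, binary_vectors()):
        print(f"{err}: length_field={i!r} name={c[:16]!r} payload={b.hex()}")
```

Each finding carries the exact input triple, so the failing case can be replayed as a regression test once the parser is fixed.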