24 | Test security
T.E.S.T | June 09

baseline. For example, a file fuzzer may take a valid .pdf file and mutate it, automatically generating a large number of modified versions of the file which will in turn be opened by the .pdf reader. A network protocol fuzzer may start from a known valid TCP request, modify this request in various ways and send it to the server. Depending on the design of the fuzzer, the mutation can simply be random or can implement some level of intelligence.

Generally this approach is simple and fast. Moreover, mutation-based fuzzers can usually be reused in many different scenarios. For example, it should be very simple to reuse a mutation-based .pdf fuzzer for any other file format. However, these types of fuzzer only test variations of a known example, and therefore the code coverage tends to be very limited, as they only provide input for a small range of all the potential inputs.

Generation-based input: In this approach the entry data is generated from scratch, based on the specification of the file type, network protocol, API, etc. that is going to be tested. For example, an HTTP protocol fuzzer may be designed based on the Hypertext Transfer Protocol [2]. It would cover all the possible requests, methods and parameters.

This approach requires a level of understanding of the software that is going to be tested. The implementation of this type of fuzzer is more complex, as it involves a full understanding of all the potential input and the integration of this understanding into the fuzzing engine. Generation-based fuzzers can't be easily reused as they are focussed on a specific target; however, they are usually more thorough in the testing and the code coverage is better, therefore leading to better results.

"The growth of resources on fuzzing is increasing the adoption of this technique by QA teams. Nowadays there is a greater understanding of this technique, which has proved very efficient in discovering security issues that could have been very difficult to identify with white box approaches such as source code reviews."

In practice

Consider the following typical example. We are testing a piece of software which receives a request from a client. The network protocol states that the message sent to the server needs to be in the following format:
- Byte 1: Type of message
- Byte 2: Length of the message
- Buffer of the length specified in Byte 2

Depending on the message type, the server would execute a different action. A valid example request sent to the server would have a format like:

1 14 This is a test

The example above is a request with type 1 and the text "This is a test" (14 characters).

Now consider the following server implementation where there is a vulnerability caused by an insecure memory allocation when the type of the message equals three:
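The two fuzzing strategies and the three-field message format described above, as an added example that is not code from the article: a mutation-based generator that starts from the valid request "1 14 This is a test", a generation-based corpus built directly from the spec (every type byte, plus length bytes that disagree with the buffer actually sent), and the strict parser a server should apply before any allocation so that a mismatched length field is rejected rather than trusted. The server code the article goes on to show is not on this page and is not reproduced; the function names and the constructed corpus values are this example's own.

```python
import random
from typing import Callable, Dict, List, Optional, Tuple

# Wire format from the article: byte 1 = type, byte 2 = length, then the buffer.
# The valid request quoted in the text, "1 14 This is a test", as bytes:
VALID_MESSAGE = bytes([1, 14]) + b"This is a test"

def encode(msg_type: int, payload: bytes, declared_len: Optional[int] = None) -> bytes:
    """Build a message; declared_len lets a test case lie about the buffer length."""
    length = len(payload) if declared_len is None else declared_len
    return bytes([msg_type & 0xFF, length & 0xFF]) + payload

def mutate(message: bytes, rng: random.Random, flips: int = 3) -> bytes:
    """Mutation-based input: corrupt a few random bytes of a known-good message."""
    data = bytearray(message)
    for _ in range(flips):
        data[rng.randrange(len(data))] = rng.randrange(256)
    return bytes(data)

def generate_cases() -> List[bytes]:
    """Generation-based input: walk the spec field by field instead of one sample."""
    cases = [encode(t, b"A" * 14) for t in range(256)]      # every value of the type byte
    for declared in (0, 1, 127, 128, 255):                   # length byte vs. real buffer
        cases.append(encode(3, b"B" * 14, declared_len=declared))
        cases.append(encode(3, b"", declared_len=declared))
    cases.append(encode(3, b"C" * 300))   # buffer longer than one length byte can express
    return cases

def parse_strict(message: bytes) -> Tuple[int, bytes]:
    """Defensive parser: the length byte must equal the buffer actually received."""
    if len(message) < 2:
        raise ValueError("message shorter than the two-byte header")
    msg_type, length, payload = message[0], message[1], message[2:]
    if len(payload) != length:
        raise ValueError(f"length byte {length} != buffer size {len(payload)}")
    return msg_type, payload

def run_corpus(parser: Callable[[bytes], object], corpus: List[bytes]) -> Dict[str, int]:
    """Fuzzing engine loop: feed every case to the parser and tally accept/reject.
    Any exception other than ValueError would be a parser bug, not a rejection."""
    tally = {"accepted": 0, "rejected": 0}
    for case in corpus:
        try:
            parser(case)
            tally["accepted"] += 1
        except ValueError:
            tally["rejected"] += 1
    return tally
```

To exercise both corpora, call `run_corpus(parse_strict, generate_cases() + [mutate(VALID_MESSAGE, random.Random(1)) for _ in range(100)])`; the generated corpus alone yields 257 accepted and 10 rejected cases, every rejection being a length/buffer disagreement.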