Fuzz - 1.0 - Fuzzing testing for basics
There are two types of testing methodology:
- General testing (test cases are fixed)
  - Regression testing
  - Unit testing
  - Integration testing
  - Spec-focused use cases
- Random testing
Fuzzing may find more bugs than all other forms of testing.
Challenges of Testing
The main issue is verification, i.e. deciding whether the program's output is correct:
- Hard to define the right output
- Hard to manage the side effects
- Hard to distinguish bugs from features
Three primary methods
- Source code auditing (static/dynamic input)
  - White box testing
  - Requires source code
  - Needs compiler flags for this
  - Like buffer overflows, etc.
- Reverse engineering (static input)
- Fuzzing (dynamic input)
  - Lots of tools/frameworks exist
  - It's not necessary to have source code
    - only the binary is fine
- Dynamic taint analysis / data flow (dynamic)
- Symbolic execution (dynamic)
Not all bugs are vulnerabilities.
Only exploitable bugs are vulnerabilities.
So look for exploitable bugs.
What is fuzzing?
A testing process that sends specific data to an app and tries to provoke certain responses.
Specific data includes:
- Mutated data, generational data, edge cases, unanticipated data types, etc.
Certain responses include:
- crashes, errors, anomalous behavior, changed app states, etc.
Effective since it can exercise 1000x more test cases than manual testing.
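The loop described above (mutate an input, feed it to the target, watch for crashes and errors, and separate bugs from features), as an added example that is not part of the original notes. The record format, the parser with its deliberately seeded bug, the seed input and the mutation operators are all constructed for this demonstration; none of them refer to a real project or tool.

```python
"""Minimal mutation fuzzer against a constructed toy record parser.

Added example, not code from the original notes. Constructed record format:
  1 length byte | <length> payload bytes | 1 checksum byte (sum of payload mod 256)
"""
import random
from collections import Counter


def make_record(payload: bytes) -> bytes:
    """Build a valid record (constructed helper used to produce the seed input)."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


def parse_record(data: bytes) -> bytes:
    """Parse one record.

    Raises ValueError on malformed input: that is the parser's intended
    behaviour (a feature). It also contains a seeded bug: the length byte is
    trusted before the buffer size is checked, so an inflated length indexes
    past the end of the buffer and raises IndexError (an unexpected crash).
    """
    if len(data) < 2:
        raise ValueError("record too short")
    length = data[0]
    payload = data[1:1 + length]
    # BUG (deliberate, for the demonstration): no check that the buffer really
    # holds `length` payload bytes plus a checksum byte before indexing it.
    checksum = data[1 + length]
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload


# "Interesting" byte values that often sit on boundaries (0, 1, sign bit, max).
INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, interesting byte, insert, or delete."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:                      # flip one bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:                    # overwrite with an interesting value
        i = rng.randrange(len(buf))
        buf[i] = rng.choice(INTERESTING)
    elif choice == 2:                            # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:                                    # delete a byte
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0) -> dict:
    """Run `iterations` mutated cases against `target`.

    ValueError is the parser rejecting bad input and is counted as expected;
    any other exception is an unexpected crash and the first input that
    triggered each exception type is kept for reproduction.
    """
    rng = random.Random(rng_seed)          # fixed seed keeps runs reproducible
    expected = Counter()
    crashes = {}                           # exception type name -> first triggering input
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError as exc:
            expected[str(exc)] += 1
        except Exception as exc:           # noqa: BLE001 - a fuzzer wants every crash
            crashes.setdefault(type(exc).__name__, case)
    return {"expected": dict(expected), "crashes": crashes}


SEED = make_record(b"hello")               # constructed seed input (valid record)


if __name__ == "__main__":
    result = fuzz(parse_record, SEED, iterations=500)
    print("expected rejections:", result["expected"])
    for name, case in result["crashes"].items():
        print(f"CRASH {name}: {case!r}")
```

Deleting any byte from the seed, or raising the length byte, is enough to reach the seeded bug, so a few hundred iterations find an IndexError reliably while the bad-checksum rejections are filed under expected behaviour. In a real harness the target would be a library entry point or a process driven over its input channel, and each crashing input would be saved and minimised so it can be reproduced outside the fuzzer.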