Fuzz - 1.0 - Fuzzing testing for basics

Background

There are two types of testing methodology

• General testing (Test case are fixed)
  • Regression testing
  • Unit testing
  • Integration testing
  • Spec-focused use cases
• Random Testing
  • Fuzzing
    Fuzzing may find more bugs than all other forms of testing.

Challenges of Testing

The main issue is verification
- Hard to define the right output
- Hard to manage the side effects
- Distinguish bugs from features

Discovering Vulnerabilities

Three primary methods

• Source code auditing (static/dynamic input)
  • White box testing
  • Requires source code
  • Need compiler flags for this
  • Like buffer overflow etc
• Reverse engineering (static input)
• Fuzzing (dynamic input
  • Lots of tools/frameworks exist
  • Its not necessary to have source code
  • only binary is fine
• Dynamic Taint Analysis / Data flow (dynamic)
• Symbolic Execution (Dynamic)

Not all bugs are vulnerabilities.
Only exploitable bugs are vulnerabilities.
So look for exploitable bugs.

What is fuzzing?

Testing process by sending specific data to app, and try to generate certain responses
Specific data includes

• Mutated data, generational data, edge cases, unanticipated data-types, etc
  Certain response includes
• crashes, errors, anomalous behavior, changed app states, etc

Its very effective since it can transit 1000x more test cases than manual testing.