Published by: Roberto on Apr 20, 2011
Fuzzing for software vulnerability discovery

Toby Clarke
Technical Report RHUL-MA-2009-04
17 February 2009

Department of Mathematics
Royal Holloway, University of London
Egham, Surrey TW20 0EX, England
http://www.rhul.ac.uk/mathematics/techreports
TABLE OF CONTENTS

1.1 The Need for Secure Software ..... 9
1.1.1 Software Vulnerabilities: The Source of the Problem ..... 10
1.1.2 The Defence in Depth Approach ..... 12
1.1.3 Network Solutions for Software Problems ..... 13
1.1.4 Software Vulnerabilities are a Root Cause of Information Security Risk ..... 14
1.1.5 The Influence of End-User Testing ..... 15
1.2 Objectives for this Project ..... 16

2.1 Software Vulnerability Classes ..... 18
2.1.1 Design Vulnerabilities ..... 19
2.1.2 Implementation Vulnerabilities ..... 19
2.1.3 Operational Vulnerabilities ..... 19
2.2 Implementation Errors ..... 20
2.3 The Need for Input Validation ..... 23
2.4 Differentiation Between Instructions and Data ..... 24
2.5 Escalation of Privilege ..... 24
2.6 Remote Code Execution ..... 24
2.7 Trust Relationships ..... 25
2.8 Command Injection ..... 26
2.9 Code Injection ..... 27
2.10 Buffer Overflows ..... 27
2.11 Integer Overflows ..... 28
2.12 Signedness Issues ..... 29
2.13 String Expansion ..... 29
2.14 Format Strings ..... 30
2.15 Heap Corruption ..... 32
2.16 Chapter Summary ..... 34

3.1 Software Testing ..... 35
3.2 Software Security Testing ..... 36
3.3 Structural, ‘White Box’ Testing ..... 37
3.3.1 Static Structural Analysis ..... 37
3.3.2 Dynamic Structural Testing ..... 41
3.4 Functional, ‘Black Box’ Testing ..... 41
3.5 Chapter Summary ..... 43

4.1 The Origins of Fuzzing ..... 44
4.2 A Basic Model of a Fuzzer ..... 45
4.3 Fuzzing Stages ..... 46
4.3.1 Target Identification ..... 46
4.3.2 Input Identification ..... 48
4.3.3 Fuzz Test Data Generation ..... 49
4.3.4 Fuzzed Data Execution ..... 50
4.3.5 Exception Monitoring ..... 50
4.3.6 Determining Exploitability ..... 51
4.4 Who Might Use Fuzzing ..... 51
4.5 The Legality of Fuzz Testing ..... 53
4.6 Chapter Summary ..... 53

5.1 Application Input Space ..... 54
5.2 Random Data Generation ..... 56
5.2.1 Code Coverage and Fuzzer Tracking ..... 56
5.2.2 Static Values ..... 59
5.2.3 Data Structures ..... 60
5.3 Brute Force Generation ..... 62
5.4 Chapter Summary ..... 63
