Fuzzing / Automated Testing
Owen Redwood
Offensive Computer Security 2015
http://hackallthethings.com/
“Any sufficiently advanced bug is indistinguishable from a feature”
- Rich Kulawiec
Quoted in ch. 3 of “Exploratory Software Testing” by James A. Whittaker
Outline
1. About Bugs
2. About Testing
3. Fuzzing
4. CS Theory
5. Test Harness
6. Howto Fuzzing
7. Crash Analysis
8. Extra Topics
Two types of testing
1. General Testing
a. Regression testing
b. Developer-written use cases
c. Spec-focused use cases
2. Random Testing
a. Fuzzing (the topic of this lecture)
Fuzzing may find more bugs than all other forms of testing.
Challenges of Testing
● How do we verify that the software performed correctly given arbitrary test cases?
  ○ Right output?
  ○ Side effects?
These rely on quality specifications.
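
The oracle problem from this slide, as an added example that is not part of the original lecture: a random tester run against a constructed function with two planted bugs, showing that a crash-only check finds nothing while the output and side-effect checks, which both need a specification, find the bugs. The names `dedupe_sorted`, `spec` and `run_campaign` are hypothetical.

```python
import random

def dedupe_sorted(items):
    """Constructed function under test. Spec: return the sorted unique values
    of `items` and leave the caller's list untouched. It has two planted bugs."""
    items.sort()                       # bug 1: sorts the caller's list in place
    out = []
    for x in items:
        if x and (not out or x != out[-1]):   # bug 2: `x and` silently drops 0
            out.append(x)
    return out

def spec(items):
    """The specification, written as a trusted reference implementation."""
    return sorted(set(items))

def run_campaign(runs=500, seed=1):
    """Feed random inputs and count what each kind of oracle detects."""
    rng = random.Random(seed)
    found = {"crash": 0, "wrong_output": 0, "side_effect": 0}
    for _ in range(runs):
        case = [rng.randint(-3, 3) for _ in range(rng.randint(0, 8))]
        before = list(case)            # snapshot to detect side effects
        try:
            got = dedupe_sorted(case)
        except Exception:
            found["crash"] += 1        # crash-only oracle: needs no spec
            continue
        if got != spec(before):        # "Right output?" needs the spec
            found["wrong_output"] += 1
        if case != before:             # "Side effects?" needs the spec too
            found["side_effect"] += 1
    return found

if __name__ == "__main__":
    print(run_campaign())
```

Neither planted bug ever raises an exception, so a tester that only watches for crashes reports a clean run on the same inputs.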