Finding Software Vulnerabilities by Smart Fuzzing


Abstract

Nowadays, one of the most effective ways to identify software vulnerabilities by testing is fuzzing, whereby the robustness of software is tested against invalid inputs that play on implementation limits or data boundaries. A high number of random combinations of such inputs are sent to the system through its interfaces. Although fuzzing is a fast technique that detects real errors, its efficiency should be improved. Indeed, the main drawbacks of fuzz testing are its poor coverage, which leads to many errors being missed, and the quality of its tests. Enhancing fuzzing with advanced approaches such as data tainting and coverage analysis would improve its efficiency and make it smarter. This paper presents an idea of how these techniques, when combined, give better error detection by iteratively guiding executions and generating the most pertinent test cases, those able to trigger potential vulnerabilities and maximize the coverage of testing.
