Intelligent Fuzz Testing Framework for Finding Hidden Vulnerabilities in Automotive Environment

Author(s):  
Pranav Patki ◽  
Ajey Gotkhindikar ◽  
Sunil Mane
Author(s):  
Huning Dai ◽  
Christian Murphy ◽  
Gail E. Kaiser

Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, the authors present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate vulnerability. This paper discusses the approach and introduces a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. Additionally, the results of case studies that demonstrate the approach’s feasibility are presented along with performance evaluations.


2014 ◽  
Vol 602-605 ◽  
pp. 1749-1752
Author(s):  
Li Yuan Sun ◽  
Yan Mei Zhang

Fuzz testing is a software testing technique which provides invalid, unexpected, or random data to the inputs of a computer program to test the robustness and security of procedures [1]. For structured data like logging, the variant fuzz testing framework adopts a configuration file and applies traversal and stream processing to complete the structured fuzzing. This article starts with the features of the structured data, then introduces the design and implementation of the variant fuzz testing framework, including function modules, class structure, and logic processing. As a conclusion, this framework is compared with the zzuf tool, and the advanced nature of this framework is elaborated.


2010 ◽  
Vol 1 (3) ◽  
pp. 41-55 ◽  
Author(s):  
Huning Dai ◽  
Christian Murphy ◽  
Gail Kaiser

Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, the authors present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate vulnerability. This paper discusses the approach and introduces a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. Additionally, the results of case studies that demonstrate the approach’s feasibility are presented along with performance evaluations.

