DeepDiver: Diving into Abysmal Depth of the Binary for Hunting Deeply Hidden Software Vulnerabilities

2020 ◽  
Vol 12 (4) ◽  
pp. 74
Author(s):  
Fayozbek Rustamov ◽  
Juhwan Kim ◽  
JooBeom Yun

Fuzz testing is a simple automated software testing approach that discovers software vulnerabilities at a high level of performance by using randomly generated seeds. However, it is restrained by coverage, and thus there are chances of finding bugs entrenched in the deep execution paths of the program. To eliminate these limitations in mutational fuzzers, patching-based fuzzers and hybrid fuzzers have been proposed as groundbreaking advancements which combine two software testing approaches. Despite those methods having demonstrated high performance across different benchmarks such as DARPA CGC programs, they still present deficiencies in their ability to analyze deeper code branches and in bypassing the roadblock checks (magic bytes, checksums) in real-world programs. In this research, we design DeepDiver, a novel transformational hybrid fuzzing tool that explores deeply hidden software vulnerabilities. Our approach tackles limitations exhibited by existing hybrid fuzzing frameworks by negating roadblock checks (RCs) in the program. By negating the RCs, the hybrid fuzzer can explore new execution paths to trigger bugs that are hidden in the abysmal depths of the binary. We combine AFL++ with a concolic execution engine and leverage a trace-analyzer approach to construct a tree for each input to detect RCs. To demonstrate the efficiency of DeepDiver, we tested it with the LAVA-M dataset and eight large real-world programs. Overall, DeepDiver outperformed existing software testing tools, including the patching-based fuzzer and state-of-the-art hybrid fuzzing techniques. On average, DeepDiver discovered vulnerabilities 32.2% and 41.6% faster than QSYM and AFLFast, respectively, and it accomplished in-depth code coverage.
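To make the roadblock-check problem described in this abstract concrete, here is an added Python illustration; it is not DeepDiver's code and not from the authors. A constructed target guards a shallow bug behind two RCs, a magic-byte comparison and a CRC32 comparison. A plain mutational loop started from a valid seed cannot get past both checks within its budget, the same loop against a build in which both RC branches are negated reaches the bug almost immediately, and the crashing input is then repaired (magic and checksum recomputed) so that it also reproduces on the unmodified target. The file format, the `target`, `fuzz` and `repair` functions and the bug itself are assumptions for this example only; a real hybrid fuzzer would recover the magic and checksum by handing the RC branch conditions to its concolic engine rather than recomputing them from a known format.

```python
import collections
import random
import struct
import zlib
from typing import Optional, Tuple

# Constructed file format (an assumption for this illustration): 4 magic bytes,
# a little-endian CRC32 of the body, then the body.
MAGIC = b"DIVR"
HDR_LEN = 8


class DeepBug(Exception):
    """Stand-in for the crash a sanitizer would report on the deep path."""


def target(data: bytes, negate_rc: bool = False) -> str:
    """Constructed target with two roadblock checks (RCs) guarding a deep bug.

    negate_rc=True models the transformed build in which both RC branches are
    forced to succeed, so the fuzzer can explore what lies behind them.
    """
    if len(data) < HDR_LEN + 1:
        return "short"
    body = data[HDR_LEN:]
    # RC1: magic-byte comparison.
    if not negate_rc and data[:4] != MAGIC:
        return "bad-magic"
    # RC2: checksum comparison over the body.
    (crc,) = struct.unpack("<I", data[4:HDR_LEN])
    if not negate_rc and crc != zlib.crc32(body):
        return "bad-crc"
    # Deep path: a length byte that claims more data than the body holds.
    claimed = body[0]
    if claimed > 0x7F and claimed > len(body):
        raise DeepBug(f"out-of-bounds read: claimed {claimed} bytes, body has {len(body)}")
    return "ok"


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """AFL-style byte overwrite: replace 1-4 random positions with random values."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def fuzz(seed: bytes, iterations: int, negate_rc: bool,
         rng_seed: int = 1) -> Tuple[Optional[bytes], collections.Counter]:
    """Plain mutational loop; returns the first crashing input (or None) and outcome counts."""
    rng = random.Random(rng_seed)
    outcomes: collections.Counter = collections.Counter()
    for _ in range(iterations):
        cand = mutate(seed, rng)
        try:
            outcomes[target(cand, negate_rc)] += 1
        except DeepBug:
            outcomes["crash"] += 1
            return cand, outcomes
    return None, outcomes


def repair(data: bytes) -> bytes:
    """Re-establish the negated RCs on a crash found against the transformed build.

    A hybrid fuzzer would solve the RC branch conditions with its concolic engine;
    the format is known here, so magic and checksum are simply recomputed.
    """
    body = data[HDR_LEN:]
    return MAGIC + struct.pack("<I", zlib.crc32(body)) + body


def make_seed(body_len: int = 16) -> bytes:
    """A well-formed, non-crashing seed (correct magic and CRC, length byte 0)."""
    body = b"\x00" * body_len
    return MAGIC + struct.pack("<I", zlib.crc32(body)) + body


def demo(iterations: int = 20000) -> dict:
    """Fuzz the original and the RC-negated target from the same seed and budget."""
    seed = make_seed()
    plain_crash, plain_stats = fuzz(seed, iterations, negate_rc=False)
    neg_crash, neg_stats = fuzz(seed, iterations, negate_rc=True)
    reproduces = False
    if neg_crash is not None:
        try:
            target(repair(neg_crash))  # replay the repaired input on the original target
        except DeepBug:
            reproduces = True
    return {
        "seed_ok": target(seed) == "ok",
        "plain_found_crash": plain_crash is not None,
        "plain_outcomes": dict(plain_stats),
        "negated_found_crash": neg_crash is not None,
        "negated_iterations": sum(neg_stats.values()),
        "repaired_input_reproduces": reproduces,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the unmodified target answering only bad-magic or bad-crc to mutated inputs, because any useful body change also invalidates the checksum, while the negated build crashes within a few dozen candidates. The repaired input is the artefact that matters: a crash that only exists against the transformed binary cannot be reported as a bug in the real program until the negated checks have been satisfied again.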

Electronics ◽  
2020 ◽  
Vol 10 (1) ◽  
pp. 62
Author(s):  
Fayozbek Rustamov ◽  
Juhwan Kim ◽  
Jihyeon Yu ◽  
Hyunwook Kim ◽  
Joobeom Yun

Greybox Fuzzing is the most reliable and essentially powerful technique for automated software testing. Notwithstanding, a majority of greybox fuzzers are not effective in directed fuzzing, for example, towards complicated patches, as well as towards suspicious and critical sites. To overcome these limitations of greybox fuzzers, Directed Greybox Fuzzing (DGF) approaches were recently proposed. Current DGFs are powerful and efficient approaches that can compete with Coverage-Based Fuzzers. Nevertheless, DGFs neglect to accomplish stability between usefulness and proficiency, and random mutations make it hard to handle complex paths. To alleviate this problem, we propose an innovative methodology, a target-oriented hybrid fuzzing tool that utilizes a fuzzer and a dynamic symbolic execution (also referred to as concolic execution) engine. Our proposed method aims to generate inputs that can quickly reach the target sites in each sequence and trigger potential hard-to-reach vulnerabilities in the program binary. Specifically, to dive deep into the target binary, we designed a technique named BugMiner, and to demonstrate the capability of our implementation, we evaluated it comprehensively on bug hunting and crash reproduction. Evaluation results showed that our proposed implementation could not only trigger hard-to-reach bugs 3.1, 4.3, 2.9, 2.0, 1.8, and 1.9 times faster than Hawkeye, AFLGo, AFL, AFLFast, QSYM, and ParmeSan, respectively, but also scale to several real-world programs.


2018 ◽  
Vol 179 (46) ◽  
pp. 22-28
Author(s):  
Milad Hanna ◽  
Amal Elsayed ◽  
Mostafa-Sami M.

SIMKOM ◽  
2017 ◽  
Vol 2 (3) ◽  
pp. 1-8
Author(s):  
Widhi Lestari ◽  
Aris Susanto

A website is one of the important information and communication media for disseminating information openly and widely to every corner of the world. In education, a website is very important as a supporting facility for information and communication needs. Therefore, the performance of a university's website must be a concern of each university, since one of the website's important roles is supporting the university's activities. A website quality evaluation was carried out to determine website quality based on PageSpeed and YSlow, using the automated website testing tool GTmetrix. The aim of this study is to determine and present a comparison of the performance of the ISI Surakarta and Universitas Diponegoro websites, and to give improvement recommendations to the website managers. Based on the test results, the ISI Surakarta website obtained an average PageSpeed grade of 54% (grade E) and an average YSlow grade of 52% (grade E). Meanwhile, testing of the Universitas Diponegoro website displayed no analysis result, i.e. it could not be tested, so it can be said that the components of the Undip site are well protected and cannot be tested by just anything, including website testing tools.


Author(s):  
Daniel Bolanos

This chapter provides practitioners in the field with a set of guidelines to help them through the process of elaborating an adequate automated testing framework to competently test automatic speech recognition systems. Through this chapter the testing process of such a system is analyzed from different angles, and different methods and techniques are proposed that are well suited for this task.


Author(s):  
Paula Donegan ◽  
Liane Bandeira ◽  
Cristina Matos ◽  
Paula Luciana da Cunha ◽  
Camilla Maia

This chapter approaches paramount aspects related to test automation, introducing the importance of implementation in the software market and essential bases, such as adjustment to the organizational reality and establishment of an efficient strategy. Types of tools and directives for a successful implementation are presented. Test automation has been considered the main measure taken to enhance test efficiency, which is fundamental in the software-development process, being responsible for verifying and/or validating the quality of the executable product against the produced documentation and client requirements. Therefore, with the chapter content provided here, we aim to give the reader an understanding of test automation and offer relevant orientations to assist in implementing it.

