|
Sulley Fuzzing Framework
2007-10-19 09:10:00 I installed the Sulley Fuzzing Framework ( pdf | download ) when it was first released… unfortunately lack of time kept me from playing with it… in fact… I downloaded it again tonight because I’d forgotten that I’d installed it. Tonight I noticed a post to the fuzzing mailing list and decided to play around ...
By: ComputerDefense
Fuzzing virtual machines
2007-04-26 18:49:00 Security researcher Tavis Ormandy has published an interesting paper "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments" (PDF link) where he used a I/O fuzzer and random opcode generator to find anomalies in VMware and other virtualization products. Tested were VMware Workstation and VMware Server, Xen, QEMU, Bochs, plus two "popular ...
Fuzzing Test
2007-04-23 05:37:00 Fuzzing test é uma técnica que consiste em submeter à aplicação a todo tipo de input de forma estruturada buscando pelas mais variadas vulnerabilidades causadas por inputs indevidos. Apesar do grande número de ferramentas para realizar o teste de fuzzing, não lembro de ter visto nenhum desenvolvedor utilizar tal recurso. Felizmente tal teste é comum em fontes de informações relacionadas a segurança no desenvolvimento de aplicações. Inicialmente eu associava a baixa utilização a dificuldade de encontrar ferramentas e conteúdo relacionado, mas, pesquisando melhor e acompanhando algumas listas de discussão eu encontrei inúmeras ferramentas open source e bons tutoriais. Segue algumas referências:Uma análise do ciclo de vida do desenvolvimento da segurança na MicrosoftThe Art File Format FuzzingUsing Fuzzers in Software Testing
Fuzzing Tools
2007-01-23 21:48:03 Gadi Evron had a rather large list of fuzzing tools which were posted today to the fuzzing mailing list. The list included: zzuf - A transparent application input fuzzer. IPC Fuzzing Tools - A Collection of tools for fuzzing Windows Interprocess Communication mechanisms. jCUTE - A Java implementation of CUTE ( Concolic Unit Testing Engine ). A “productive way of combining fuzzing with static analysis”. Joxean’s Fuzzer - Two Python Fuzzers… One for PostgreSQL and one for Informix. Akathisia - A Windows RPC Fuzzer. I’m going to add WebFuzz… my series of cheesy Python scripts for fuzzing HTTP (to a minor extent). Other fuzzers that weren’t mentioned but that people should be aware of: FileFuzz - A Windows-based Graphical File Format Fuzzer from iDefense. COMRaider - A Tool designed to fuzz COM Object Interfaces from iDefense. SPIKEfile - A Linux-based file format fuzzer from iDefense. notSPIKEfile - A Linux-based file format fuzzer from iDef...
By: ComputerDefense
|
|
 |
|
 |
