Presentation on theme: "Fuzzing the Web, by Skyler Onken: Who am I? What is Fuzzing? Usual Targets. Techniques. Results. Limitations. Why Fuzz? Desired Solution." — Presentation transcript:

1 By Skyler Onken

2 Outline
- Who am I?
- What is Fuzzing?
- Usual Targets
- Techniques
- Results
- Limitations
- Why Fuzz?
- "Fuzzing the Web"?
- Desired Solution
- Solution
- Enumeration Engine
- Fuzzing Engine
- Client
- Demo
- Remaining Issues
- Future Improvements
- Q/A

3 Who am I?
- Skyler Onken
- BYU-Idaho Student (CIT)
- Contingent Staff w/ LDS Church (QA)
- Penetration Tester w/ SecureGossip Initiative
- Security BYU-Idaho Linux User Group
- Security+, CEH, ECSA

4 What is Fuzzing? OWASP Definition:
"Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion."

5 Wikipedia:
"Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted."

6 Synonyms
- Robustness Testing
- Syntax Testing
- Negative Testing
- White-Noise Testing

7 Usual Targets
- File Formats
- Network Protocols
- Trust Boundary Crossing Software
- Desktop Applications
- Client Software
- Web Applications
- Web Services

8 Techniques
- Specification-based
- Random data
- PRNG
- Bit flipping

9 Results
- Crashes
- Memory Leaks
- Assertion Failures
- Buffer (Stack and Heap based) Overflows
- Parsing Errors

10 Limitations
- Find simple bugs
- Black-Box
- Strong dependency on seed

11 Why Fuzz?
- Another point of view of testing
- If it's automated, why not?
- Recent Fuzzing Successes:
  - Apple Wireless flaw DoS (MOKB)
  - Month of Browser Bugs:
    - IE: 25
    - Safari: 2
    - Firefox: 2
    - Opera: 1
    - Konqueror: 1

12 "Fuzzing the Web"?
- Enumeration
  - Massively deep and expansive
  - Ajax Problem: most elements can be bound to dynamic action
- Results
  - Detecting errors is difficult beyond checking return code
  - Possibly use baselines?

13 Prior work
- Rune Hammersland pioneered semi-automation
  - Join together enumeration and fuzzing
  - The AJAX problem
- Frameworks exist, but lack functionality
  - Peach
  - Sulley
  - RFuzz
- Some tools exist, but not automated
  - Spike
  - WSFuzz
  - JBroFuzz
  - Wfuzz

14 Desired Solution
- Easily and Fully Automated
- Web Applications and Services
- Reproducible Errors
- Easy Reporting
- "Fire and Forget"
- AJAX

15 Solution (architecture diagram: Client/Applet, Enumeration engine, Fuzzer, Server)

16 Enumeration Engine
- Detects target type (app, soap, rest)
- Will generate variations of enumerated test cases:
  - Crawljax (applications)
    - Implements Selenium Web Driver
    - Programmatically define HTML tags to exercise
    - var2=normalValue
  - SoapUI API (services)
    - Enumerates the WSDL/WADL for operations/resources

17 Enumeration Engine (diagram: Web Application, Fuzzer, Crawler, SOAP, Test Cases)

18 Fuzzing Engine
- Modular
  - Enables intelligence
- Utilizes RC4
- Reproducible
- Handles requests and results
  - Results: != 200
  - Output to file; Database pending.
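The techniques slide (PRNG-driven bit flipping), the "strong dependency on seed" limitation and the fuzzing engine's "Reproducible" and "Results: != 200" points fit together in one small loop. The following is an added illustration, not code from the talk or from the author's Java applet: a seeded bit-flipping mutator applied to a constructed web-form test case, driven against a constructed in-process stand-in for the target (`target_handler`, which returns an HTTP status code and carries a deliberate defect), flagging any response other than 200 and replaying a finding from its seed alone. The parameter names and the handler are assumptions made for the example.

```python
import random

# Constructed sample request parameters for a hypothetical web form
# (the kind of "var2=normalValue" case the enumeration engine would emit).
BASE_CASE = {"user": "alice", "var2": "normalValue"}


def bit_flip(data: bytes, rng: random.Random, flips: int = 1) -> bytes:
    """Mutation step: flip `flips` randomly chosen bits of `data`."""
    buf = bytearray(data)
    if not buf:
        return bytes(buf)
    for _ in range(flips):
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    return bytes(buf)


def flipped_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions that differ between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def mutate_case(base: dict, seed: int, flips: int = 2) -> dict:
    """Derive one test case from `base`. The PRNG is seeded with `seed`, so the
    same (base, seed) pair always yields the same case: that is what makes a
    finding reproducible, and also why results depend so strongly on the seed."""
    rng = random.Random(seed)
    return {k: bit_flip(v.encode("latin-1"), rng, flips).decode("latin-1")
            for k, v in base.items()}


def target_handler(params: dict) -> int:
    """Constructed stand-in for the web application under test; returns an HTTP
    status code. It carries a deliberate defect for the fuzzer to find: any
    non-ASCII byte in 'user' makes it fail with a 500 instead of rejecting the
    input cleanly."""
    user = params.get("user", "")
    if not user.isascii():
        return 500
    return 200


def fuzz(base: dict, first_seed: int, count: int, handler) -> list:
    """Fuzzing loop: build `count` cases from consecutive seeds, send each to
    `handler`, and record (seed, status) for every response other than 200.
    Storing only the seed is enough to replay a finding later."""
    findings = []
    for seed in range(first_seed, first_seed + count):
        status = handler(mutate_case(base, seed))
        if status != 200:
            findings.append((seed, status))
    return findings


def replay(base: dict, seed: int, handler) -> int:
    """Reproduce a finding from its seed alone."""
    return handler(mutate_case(base, seed))


if __name__ == "__main__":
    found = fuzz(BASE_CASE, 0, 200, target_handler)
    print(f"{len(found)} non-200 responses out of 200 cases")
    for seed, status in found[:5]:
        print(seed, status, mutate_case(BASE_CASE, seed))
```

The "!= 200" oracle is deliberately coarse, which is the point the earlier slide makes about detection: a 500 is caught, but a malformed input that the application accepts and mishandles with a 200 is not, so a baseline comparison of response bodies would be the next step.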

19 Fuzzing Engine (diagram: Controller, Module 1, Module 2, Module 3, Bad Chars, Web Server)

20 Client
- Java Applet

21-22 Demo

23 Remaining Issues
- JVM Memory
- Seed
- Captchas
- Automated Analysis

24 Future Improvements
- Smarter Fuzzing
- Automated Analysis
- REST
- Dictionary Support
- DB
