Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution.

Published byGary Rake Modified over 9 years ago

Similar presentations

Presentation on theme: "By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution."— Presentation transcript:

1 By Skyler Onken

2  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution  Solution  Enumeration Engine  Fuzzing Engine  Client  Demo  Remaining Issues  Future Improvements  Q/A

3  Skyler Onken  BYU-Idaho Student (CIT)  Contingent Staff w/ LDS Church (QA)  Penetration Tester w/ SecureGossip Initiative  Security Trainer @ BYU-Idaho Linux User Group  Security+, CEH, ECSA  http://securityreliks.securegossip.com

4  OWASP Definition:  “Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.” http://www.owasp.org/index.php/Fuzzing

5  Wikipedia  “Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.” http://en.wikipedia.org/wiki/Fuzz_testing

6  Synonyms  Robustness Testing  Syntax Testing  Negative Testing  White-Noise Testing

7  File Formats  Network Protocols  Trust Boundary Crossing Software  Desktop Applications  Client Software  Web Applications  Web Services

8  Specification-based  Random data  PRNG  Bit flipping

9  Crashes  Memory Leaks  Assertion Failures  Buffer (Stack and Heap based) Overflows  Parsing Errors

10  Find simple bugs  Black-Box  Strong dependency on seed

11  Another point of view of testing  If its automated, why not?  Recent Fuzzing Successses:  Apple Wireless flaw DoS (MOKB-30-11-2006)  Month of Browser Bugs: ▪ IE: 25 ▪ Safari: 2 ▪ Firefox: 2 ▪ Opera: 1 ▪ Konquerer: 1

12  Enumeration  Massively deep and expansive  Ajax Problem  Most elements can be bound to dynamic action  Results  Detecting errors is difficult beyond checking return code  Possibly use baselines?

13  Rune Hammersland pioneered semi-automation  Join together enumeration and fuzzing  The AJAX problem  Frameworks exist, but lack functionality  Peach  Sulley  RFuzz  Some tools exist, but not automated  Spike  WSFuzz  JBroFuzz  Wfuzz

14  Easily and Fully Automated  Web Applications and Services  Reproducible Errors  Easy Reporting  “Fire and Forget”  AJAX

15 Client/Applet Enumeration engine Fuzzer Server

16  Detects target type (app, soap, rest)  Will generate variations of enumerated test cases:  Crawljax (applications) ▪ Implements Selenium Web Driver ▪ Programmatically define HTML tags to exercise ▪ http://my.webapp.here/func?var1=normalValue& var2=normalValue  SoapUI API (services) ▪ Enumerates the WSDL/WADL for operations/resources

17 Web Application Fuzzer Crawler SOAP Test Cases

18  Modular  Enables intelligence  Utilizes RC4  Reproducible  Handles requests and results  Results: != 200  Output to file; Database pending.

19 Fuzzing Engine Controller Module 3 Module 2 Module 1 Bad Chars Web Server

20  Java Applet

21

22

23  JVM Memory  Seed  Captchas  Automated Analysis

24  Smarter Fuzzing  Automated Analysis  REST  Dictionary Support  DB  http://code.google.com/p/fuzzops/ http://code.google.com/p/fuzzops/

25

Download ppt "By Skyler Onken.  Who am I?  What is Fuzzing?  Usual Targets  Techniques  Results  Limitations  Why Fuzz?  “Fuzzing the Web”?  Desired Solution."

Similar presentations

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
An Empirical Study of the Reliability in UNIX Utilities Barton Miller Lars Fredriksen Brysn So Presented by Liping Cai.

An Empirical Study of the Reliability in UNIX Utilities Barton Miller Lars Fredriksen Brysn So Presented by Liping Cai.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Pubman and Selenium tests. What is Selenium Selenium is a suite of Web application test automation tools for any browser on any operating system –Firefox,

Pubman and Selenium tests. What is Selenium Selenium is a suite of Web application test automation tools for any browser on any operating system –Firefox,
Snejina Lazarova Senior QA Engineer, Team Lead CRMTeam Dimo Mitev Senior QA Engineer, Team Lead SystemIntegrationTeam Telerik QA Academy SOAP-based Web.

Snejina Lazarova Senior QA Engineer, Team Lead CRMTeam Dimo Mitev Senior QA Engineer, Team Lead SystemIntegrationTeam Telerik QA Academy SOAP-based Web.
The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University

The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University
Biswajit Mazumder Rohit Hooda Arpan Chowdhary.  What is Fuzzing?  Fuzzing techniques  Types of Fuzzing  Fuzzing explained  Case study and changes:

Biswajit Mazumder Rohit Hooda Arpan Chowdhary.  What is Fuzzing?  Fuzzing techniques  Types of Fuzzing  Fuzzing explained  Case study and changes:
Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.

Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.
Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 6 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Software Freedom Day 2007 14th September 2007 Asia Pacific Institute of Information Technology Colombo, Sri Lanka. Nazly Ahmed Scripting The Web.

Software Freedom Day th September 2007 Asia Pacific Institute of Information Technology Colombo, Sri Lanka. Nazly Ahmed Scripting The Web.
Fuzzing Dan Fleck CS 469: Security Engineering Sources:

Fuzzing Dan Fleck CS 469: Security Engineering Sources:
Embedded Network Controller with Web Interface Bradley University Department of Electrical & Computer Engineering By: Ed Siok Advisor: Dr. Malinowski.

Embedded Network Controller with Web Interface Bradley University Department of Electrical & Computer Engineering By: Ed Siok Advisor: Dr. Malinowski.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.

Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.
SIMULATING ERRORS IN WEB SERVICES International Journal of Simulation: Systems, Sciences and Technology 2004 Nik Looker, Malcolm Munro and Jie Xu.

SIMULATING ERRORS IN WEB SERVICES International Journal of Simulation: Systems, Sciences and Technology 2004 Nik Looker, Malcolm Munro and Jie Xu.
Automated Testing Nathan Weiss April 23, 2007. Overview History of Testing Advantages to Automated Testing Types of Automated Testing Automated Testing.

Automated Testing Nathan Weiss April 23, Overview History of Testing Advantages to Automated Testing Types of Automated Testing Automated Testing.
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Similar presentations

Ads by Google