Open Source Fuzzing Tools

Setting Expectations for Fuzzers in a Software Development Lifecycle

While fuzzers are certainly a great way to find bugs in many different applications, you should set appropriate expectations about their effectiveness. Knowing their limits will better equip you when integrating fuzzing into your development lifecycle.

Fuzzing as a Panacea

Hip hip hooray! Fuzzers have gotten a lot of press lately, with some folks saying that fuzzers can and will find all application flaws. Put simply, this is not true now and never will be. Fuzzers will continue to find more types of flaws and will become better at choosing what tests to execute and when, but there is no way a fuzzer will find all the vulnerabilities in an application with a moderately sized attack surface.

What Fuzzers Won't Find

To expand on why you shouldn't bet the farm on fuzzers finding everything, we'd like to share a few instances where fuzzers typically have a hard time. That's not to say they could never find these types of bugs, but most fuzzers today do not. Here's a small list of some typical bugs not found by fuzzers:

  • Logical flaws: We've never met a fuzzer that was able to find logical flaws in a given application without intervention on the part of the person running the fuzzer. Let's say you're testing some sort of session identifier issued by the server to the client and sent by the client in subsequent requests for the server to determine who you are.
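
An added example, not from the book: a constructed toy session service with an assumed logic flaw (the handler never ties the requested account to the session's owner), fuzzed with random requests. The server, its names and the flaw are all hypothetical; the point is that the usual crash oracle reports nothing, and the flaw only surfaces once the tester supplies an invariant to check.

```python
import random

class ToyServer:
    """Constructed session service; every name here is hypothetical."""
    def __init__(self):
        self.records = {"alice": "alice-record", "bob": "bob-record"}
        self.sessions = {}                      # session id -> owner

    def login(self, user):
        sid = "sid-%d" % (len(self.sessions) + 1)
        self.sessions[sid] = user
        return sid

    def handle(self, sid, account):
        if sid not in self.sessions:
            return 401, None
        # Assumed logic flaw: the session is valid, but nothing checks
        # that `account` belongs to the session's owner.
        if account not in self.records:
            return 404, None
        return 200, self.records[account]

def junk(rng):
    # Random short string, the kind of input a simple mutator produces.
    return "".join(rng.choice("sid-0123456789%\x00") for _ in range(rng.randint(0, 12)))

def fuzz(server, valid_sid, rounds=2000, seed=1):
    """Return (crashes, violations) seen over `rounds` random requests."""
    rng = random.Random(seed)
    crashes = violations = 0
    for _ in range(rounds):
        sid = valid_sid if rng.random() < 0.5 else junk(rng)
        account = rng.choice(list(server.records)) if rng.random() < 0.5 else junk(rng)
        try:
            status, _body = server.handle(sid, account)
        except Exception:
            crashes += 1                        # the usual fuzzer oracle
            continue
        # Tester-supplied oracle: a 200 must only return the owner's record.
        if status == 200 and server.sessions.get(sid) != account:
            violations += 1
    return crashes, violations

def run_demo():
    server = ToyServer()
    alice_sid = server.login("alice")
    return fuzz(server, alice_sid)

if __name__ == "__main__":
    crashes, violations = run_demo()
    print("crashes:", crashes, "invariant violations:", violations)
```

Every flawed response is a well-formed 200, so a harness that only watches for crashes or exceptions counts the run as clean.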
