ADVANCED FUZZING SERVICES
Uncovering these deep security issues is more critical than ever, and VDA can help bring fuzz testing into your software security program to discover such issues and more. The team at VDA has a rich background in fuzzing – in fact our founder, Dr. Jared DeMott, wrote his PhD thesis on “Enhancing Automated Fault Discovery and Analysis” and has since co-authored a book on the topic, “Fuzzing for Software Security Testing and Quality Assurance”. We also regularly teach fuzzing techniques as part of our Application Security for Hackers and Developers course – a world-class training course offered at Black Hat and other information security conferences.
ADVANCED FUZZING EXPLAINED
Fuzz testing began with a simple choice of options – mutation (changing an existing input) vs. generation (creating new inputs from scratch). Now there are many more: protocol fuzzers target network services, smart fuzzers know something about the format they are fuzzing so they can be more targeted, and the best fuzzers use some degree of instrumentation to steer testing toward branches of code that have not yet been exercised (measured as code coverage). Even more importantly – you have to go big. The best fuzzing systems today use massive parallel scaling to cover more test cases in a shorter period of time. This adds complexity in crash reporting and triage, but yields much better coverage by running millions of test cases in a short period of time.
The VDA team of experts has deep knowledge of modern fuzzing practices. This means knowing which type of fuzzer fits where, creating custom fuzzers for new protocols, and instrumenting binaries to assess vulnerabilities with LibFuzzer or AFL.
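To make the mutation, generation and coverage-guidance ideas above concrete, here is a small added example written for this page (it is not VDA's tooling, nor code from AFL or LibFuzzer). The target, `parse_records`, its byte format and its branch ids are all invented for the demo, and the parser carries one planted defect so the run has something to find. Instrumentation is simulated by having the parser record a branch id at each decision point; the fuzzer keeps an input in its corpus only when it reaches a branch no earlier input did, runs an AFL-style deterministic stage (interesting byte values at every position, single-byte drops) and a random "havoc" stage over each corpus entry, and mixes in generated inputs built from the format's structure rather than from an existing file.

```python
import random
from dataclasses import dataclass, field

# Byte values that tend to sit on parser boundaries; the deterministic stage tries each at every offset.
INTERESTING = [0x00, 0x01, 0x02, 0x03, 0x7F, 0x80, 0xFF]


def parse_records(data: bytes, coverage: set) -> list:
    """Hypothetical target: parses <len:1><type:1><payload:len> records.
    Every decision point adds a branch id to `coverage`; that stands in for the
    compiler instrumentation a real coverage-guided fuzzer relies on."""
    records, i = [], 0
    while i < len(data):
        coverage.add("loop")
        if i + 1 >= len(data):
            coverage.add("truncated-header")
            raise ValueError("truncated header")
        length, rtype = data[i], data[i + 1]
        payload = data[i + 2 : i + 2 + length]
        if rtype == 0x01:
            coverage.add("type-text")
            records.append(("text", payload.decode("ascii", errors="replace")))
        elif rtype == 0x02:
            coverage.add("type-int")
            if length != 4:
                coverage.add("int-bad-len")
                raise ValueError("int record must be 4 bytes")
            records.append(("int", int.from_bytes(payload, "big")))
        elif rtype == 0x03:
            coverage.add("type-nested")
            # Planted defect: payload[0] is read without checking that payload is non-empty,
            # so a zero length (or a truncated record) raises IndexError, not the parser's ValueError.
            inner = payload[1 : 1 + payload[0]]
            records.append(("nested", parse_records(inner, coverage)))
        else:
            coverage.add("unknown-type")
            raise ValueError("unknown record type")
        i += 2 + length
    return records


def run_one(data: bytes):
    """Harness: run the target once. Returns (coverage, crash_name). ValueError is the
    parser rejecting malformed input as designed and is not counted as a crash."""
    coverage = set()
    try:
        parse_records(data, coverage)
    except ValueError:
        coverage.add("rejected")
    except Exception as exc:
        return coverage, type(exc).__name__
    return coverage, None


def deterministic_mutations(data: bytes):
    """Deterministic stage: each interesting value at each position, plus dropping each byte."""
    for pos in range(len(data)):
        for val in INTERESTING:
            if data[pos] != val:
                yield data[:pos] + bytes([val]) + data[pos + 1:]
        yield data[:pos] + data[pos + 1:]


def random_mutation(data: bytes, rng: random.Random) -> bytes:
    """Havoc stage: one random edit (bit flip, overwrite, insert, truncate)."""
    if not data:
        return bytes([rng.randrange(256)])
    pos, op = rng.randrange(len(data)), rng.randrange(4)
    if op == 0:
        return data[:pos] + bytes([data[pos] ^ (1 << rng.randrange(8))]) + data[pos + 1:]
    if op == 1:
        return data[:pos] + bytes([rng.randrange(256)]) + data[pos + 1:]
    if op == 2:
        return data[:pos] + bytes([rng.randrange(256)]) + data[pos:]
    return data[:pos]


def generate_record(rng: random.Random) -> bytes:
    """Generation-based input: built from the format's structure, not from a seed file."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(6)))
    return bytes([len(payload), rng.choice([0x01, 0x02, 0x03, 0x09])]) + payload


@dataclass
class FuzzResult:
    corpus: list = field(default_factory=list)
    crashes: dict = field(default_factory=dict)  # exception name -> first input that triggered it
    coverage: set = field(default_factory=set)
    executions: int = 0


def fuzz(seeds, havoc_per_entry: int = 200, generated: int = 200, rng_seed: int = 0) -> FuzzResult:
    """Coverage-guided loop: an input joins the corpus (and the work queue) only if it reaches
    a branch no previous input reached; every corpus entry is then mutated in turn."""
    rng, result, queue = random.Random(rng_seed), FuzzResult(), []

    def consider(data: bytes):
        result.executions += 1
        cov, crash = run_one(data)
        if crash and crash not in result.crashes:
            result.crashes[crash] = data
        if not cov <= result.coverage:  # new branch seen: keep this input and mutate it later
            result.coverage |= cov
            result.corpus.append(data)
            queue.append(data)

    for seed in seeds:
        consider(seed)
    for _ in range(generated):
        consider(generate_record(rng))
    while queue:
        entry = queue.pop(0)
        for m in deterministic_mutations(entry):
            consider(m)
        for _ in range(havoc_per_entry):
            consider(random_mutation(entry, rng))
    return result


if __name__ == "__main__":
    r = fuzz([b"\x03\x01abc"])  # constructed seed: one valid 3-byte text record
    print(f"{r.executions} executions, corpus {len(r.corpus)}, branches {sorted(r.coverage)}")
    for name, data in r.crashes.items():
        print(f"crash {name}: {data!r}")
```

Two points from the run carry over to real fuzzing. First, the harness separates the parser's expected rejections (`ValueError`) from real faults, which is the triage problem the text mentions: at scale, most inputs are simply rejected and only the unexpected exception classes deserve attention. Second, the planted bug is reachable from the valid seed in two small steps (change the record type, then the length), and the coverage feedback is what keeps the intermediate input alive long enough for the second step to be tried. In AFL or LibFuzzer the branch ids come from compiler instrumentation instead of the hand-placed `coverage.add` calls used here.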
Below are some examples from our blog showing this:
- Creating a BACnet fuzzer with BooFuzz
- Using MSRD to find 0day
- Creating MSRD test harnesses
WHAT SORTS OF ISSUES CAN FUZZ TESTING FIND?
Software bugs can lie latent in code for years or even decades without detection – one example was the Shellshock vulnerability, which existed in the BASH shell for 25 years! The goal of fuzzing is to exercise code in a way that discovers such latent issues in a much shorter timeframe. While not every bug identified by fuzzing is necessarily a security nightmare, any developer worth their salt will also be interested in the other kinds of issues commonly found through fuzzing.
The overall picture includes:
- Security Exposures / Vulnerabilities
- Denial of Service Conditions (DoS)
- Performance Degradations
- Anomalous Behavior