ADVANCED FUZZY SERVICES
Fuzzing is an advanced form of DAST (Dynamic Application Security Testing) that is used by many of the world's leading software development organizations to discover issues in their code. Fuzz testing finds errors in software in a way that human-driven testing simply can’t – by testing millions or more variations of the input that can be given to a piece of code in order to detect crashes, bugs, and security vulnerabilities.
Uncovering these deep security issues is more critical than ever, and VDA can help bring fuzz testing into your software security program to discover these issues and more. The team at VDA has a rich background working with fuzzing – in fact our founder, Dr. Jared DeMott, wrote his PhD thesis on “Enhancing Automated Fault Discovery and Analysis” and has since co-authored a book on the topic, “Fuzzing for Software Security Testing and Quality Assurance”. We also regularly teach fuzzing techniques as part of our Application Security for Hackers and Developers course – a world-class training course offered at Black Hat and other information security conferences.
ADVANCED FUZZING EXPLAINED
Fuzz testing began with a simple set of options – mutation (changing an existing input) vs. generation (creating new inputs from scratch). Now, however, there are many more options – protocol fuzzers can target network services, smart fuzz testers know something about the format they are fuzzing to be more targeted, and the best fuzzers use some degree of instrumentation to guide their progress of testing in order to exercise all branches of code (known as code coverage). Even more importantly – you have to go big. The best fuzzing systems today utilize parallel scaling to cover more test cases in a shorter period of time. This adds more complexity in terms of reporting crashes and triage, but gains much better coverage via the capability of running millions of test cases in a short period of time.
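To make the mutation and coverage-guidance ideas above concrete, here is a toy coverage-guided fuzzer. It is an added illustration, not VDA's tooling and not AFL or libFuzzer: it instruments a constructed target (`parse_record`, a hypothetical parser whose 4-byte magic guards a latent bug) using Python's line tracing, keeps only mutated inputs that reach new code, and reports the first input that crashes the target.

```python
import random
import sys

def parse_record(data: bytes) -> str:
    # Constructed target: a 4-byte magic guards a latent index/divide-by-zero bug
    if len(data) < 4: return "short"
    if data[0] != 0x46: return "bad magic"  # 'F'
    if data[1] != 0x55: return "bad magic"  # 'U'
    if data[2] != 0x5A: return "bad magic"  # 'Z'
    if data[3] != 0x5A: return "bad magic"  # 'Z'
    return "version %d" % (100 // data[4])  # IndexError or ZeroDivisionError

def run_with_coverage(target, data):
    """Run target(data) under line tracing; return (lines hit, exception or None)."""
    hit, code = set(), target.__code__
    def tracer(frame, event, arg):
        if event == "line" and frame.f_code is code:
            hit.add(frame.f_lineno)
        return tracer if frame.f_code is code else None  # trace only the target
    sys.settrace(tracer)
    try:
        target(data)
        return hit, None
    except Exception as exc:  # any uncaught exception counts as a crash
        return hit, exc
    finally:
        sys.settrace(None)

def mutate(rng, data):
    """One random mutation: overwrite (50%), insert (25%) or delete (25%) a byte."""
    pos, byte, roll = rng.randrange(len(data) + 1), bytes([rng.randrange(256)]), rng.random()
    if roll < 0.5 and pos < len(data):
        return data[:pos] + byte + data[pos + 1:]
    if roll < 0.75:
        return data[:pos] + byte + data[pos:]
    return data[:pos] + data[pos + 1:]

def fuzz(target, seed, budget, rng_seed=0):
    """Coverage-guided loop; returns (crashing input or None, iterations used, corpus size)."""
    rng = random.Random(rng_seed)
    corpus = [(seed, run_with_coverage(target, seed)[0])]
    seen = set(corpus[0][1])
    for i in range(1, budget + 1):
        # half the time favour the input with the most coverage, as AFL favours its best entries
        parent = max(corpus, key=lambda e: len(e[1]))[0] if rng.random() < 0.5 else rng.choice(corpus)[0]
        child = mutate(rng, parent)
        hit, crash = run_with_coverage(target, child)
        if crash is not None:
            return child, i, len(corpus)
        if not hit <= seen:  # new coverage: keep the input for further mutation
            seen |= hit
            corpus.append((child, hit))
    return None, budget, len(corpus)
```

Without the coverage feedback, guessing all four magic bytes at once would take on the order of 2^32 tries; with it, each byte is found independently because the input that gets one step further is kept and mutated again.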
The VDA team of experts has deep knowledge of modern fuzzing practices. This means knowing which type of fuzzer fits which target, being able to create custom fuzzers for new protocols, and instrumenting binaries to assess vulnerabilities with libFuzzer or AFL.
Below are some examples from our blog showing this:
WHAT SORTS OF ISSUES CAN FUZZ TESTING FIND?
Software bugs can lie latent in code for years or even decades without detection – one example of this was the ShellShock vulnerability, which existed in the BASH shell for 25 years! The goal of fuzzing is to exercise code in a way that discovers such latent issues in a much shorter timeframe. While not every bug identified by fuzzing is necessarily a security nightmare, any developer worth their salt will also be interested in some of the other issues commonly found through fuzzing.
The overall picture includes:
- Security Exposures / Vulnerabilities
- Denial of Service Conditions (DoS)
- Performance Degradations
- Anomalous Behavior
INTERESTED IN ADVANCED APP SEC THROUGH FUZZING?
VDA Labs is honored to share our fuzzing expertise via partnership with ForAllSecure and Microsoft. We help customers deploy, harness, and utilize advanced tools like Mayhem and MSRD. Also, as part of our AppSec-as-a-Service practice, we help customers integrate DAST tools like fuzzers into CI/CD.