Fuzzer
Fuzzer is small application or software for testing vulnerable application, The data-generation part is made of generators, and vulnerability identification relies on debugging tools, fuzzer can be contain bad character in payload to make application crash in the Buffer overflow case Fuzzer have position as bullet to direct shoot aplication to be hang or crash, in crash mode application can be controled by attacker with fuzzer.
Fuzzing
Fuzzing in computer is technique or method for testing other software weakness, fuzzing can to mean technique often automate or semi automated, that involves providing invalid, unexpected or random data input, the term first originates from Barton Miller at University of Wisconsin 1988, similiar technique have been used in the field of quality assurance, where are they refferd to as robustness tetsing, syntax testing or negative testing.
Application fuzzing is for testing a software is vulnerable or not with so many tachnique called attack vector, The advantage of fuzzing is that the test design is extremely simple, and free of preconceptions about system behavior, the systematical/random approach allows this method to find bugs that would have often been missed by human eyes. Plus, when the tested system is totally closed (say, a SIP phone), fuzzing is one of the only means of reviewing it's quality.
Fuzzing can add another point of view to classical software testing techniques (hand code review, debugging) because of it's non-human approach. It doesn't replace them, but is a reasonable complement, thanks to the limited work needed to put the procedure in place.
No comments:
Post a Comment