Saturday, 04 February 2012

FUZZER / FUZZI IS ?

A security fuzzer is a tool used by security professionals to test the input parameters of an application. Fuzzers typically test applications for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functions to test for directory traversal, command execution vulnerabilities, SQL injection and cross-site scripting vulnerabilities. Web vulnerability scanners typically perform all of these functions and can be considered advanced fuzzers.



Fuzzing programs fall into two different categories. Mutation-based fuzzers mutate existing data samples to create test data, while generation-based fuzzers define new test data based on models of the input.[1]
The simplest form of fuzzing technique is sending a stream of random bits to software, either as command line options, as randomly mutated protocol packets, or as events. This random-input technique continues to be a powerful tool for finding bugs in command-line applications, network protocols, and GUI-based applications and services. Another common technique that is easy to implement is mutating existing input (e.g. files from a test suite) by flipping bits at random or moving blocks of the file around. However, the most successful fuzzers have a detailed understanding of the format or protocol being tested.


The understanding can be based on a specification. A specification-based fuzzer involves writing the entire array of specifications into the tool, and then using model-based test generation techniques in walking through the specifications and adding anomalies in the data contents, structures, messages, and sequences. This "smart fuzzing" technique is also known as robustness testing, syntax testing, grammar testing, and (input) fault injection.[10][11][12][13] The protocol awareness can also be created heuristically from examples using a tool such as Sequitur.[14] These fuzzers can generate test cases from scratch, or they can mutate examples from test suites or real life. They can concentrate on valid or invalid input, with mostly-valid input tending to trigger the "deepest" error cases.
Protocol-based fuzzing built on published specifications has two limitations: 1) testing cannot proceed until the specification is relatively mature, since the specification is a prerequisite for writing such a fuzzer; and 2) many useful protocols are proprietary, or involve proprietary extensions to published protocols. If fuzzing is based only on published specifications, test coverage for new or proprietary protocols will be limited or nonexistent.
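The "smart fuzzing" approach described above can be shown in a small amount of code. The following is an added Python example, not code from the original post or from any tool it names: a hand-written grammar for a toy key/value configuration format (an assumption made for this example) is walked to generate valid inputs, anomalies are then injected into field contents and structure, and a constructed toy parser with a deliberate missing input check serves as the target. Any exception other than the parser's specified ConfigError is counted as a robustness bug.

```python
import random

# Constructed toy grammar for a tiny key/value configuration language
# (an assumption for this example, not a format from the post).
# Keys are nonterminals; each alternative is a sequence of terminals and
# nonterminals; a token is a nonterminal if it appears as a key.
GRAMMAR = {
    "<config>": [["<entry>"], ["<entry>", "\n", "<config>"]],
    "<entry>":  [["<key>", "=", "<value>"]],
    "<key>":    [["name"], ["port"], ["timeout"]],
    "<value>":  [["<number>"], ["<string>"]],
    "<number>": [["<digit>"], ["<digit>", "<number>"]],
    "<digit>":  [[d] for d in "0123456789"],
    "<string>": [['"', "<chars>", '"']],
    "<chars>":  [["a"], ["b"], ["<chars>", "a"]],
}


def generate(symbol, rng, depth=0, max_depth=8):
    """Walk the grammar from `symbol` and return one valid string.
    Beyond max_depth the shortest alternative is forced so recursion ends."""
    if symbol not in GRAMMAR:
        return symbol                      # terminal: emit as-is
    alternatives = GRAMMAR[symbol]
    if depth >= max_depth:
        alternatives = [min(alternatives, key=len)]
    return "".join(generate(s, rng, depth + 1, max_depth)
                   for s in rng.choice(alternatives))


def _split_first_value(text):
    """Return (text up to and including the first '=', first value, rest)."""
    head, sep, rest = text.partition("=")
    value, nl, tail = rest.partition("\n")
    return head + sep, value, nl + tail


def empty_value(text):            # content anomaly: required field left blank
    head, _, tail = _split_first_value(text)
    return head + tail


def overlong_value(text):         # content anomaly: field far beyond expected size
    head, _, tail = _split_first_value(text)
    return head + "9" * 512 + tail


def embedded_nul(text):           # content anomaly: control character in a field
    head, value, tail = _split_first_value(text)
    return head + "\x00" + value + tail


def missing_separator(text):      # structural anomaly: drop the first '='
    return text.replace("=", "", 1)


ANOMALIES = {
    "empty_value": empty_value,
    "overlong_value": overlong_value,
    "embedded_nul": embedded_nul,
    "missing_separator": missing_separator,
}


class ConfigError(Exception):
    """The only exception the parser is specified to raise on bad input."""


def parse_config(text):
    """Constructed toy target: parses 'key=value' lines into a dict."""
    result = {}
    for line in text.split("\n"):
        if "=" not in line:
            raise ConfigError("missing '='")
        key, value = line.split("=", 1)
        if key not in ("name", "port", "timeout"):
            raise ConfigError("unknown key")
        if value.startswith('"'):
            result[key] = value[1:-1]
        else:
            # Planted defect: no numeric validation, so a non-numeric value
            # escapes as a raw ValueError instead of a ConfigError.
            result[key] = int(value)
    return result


def run_case(text):
    """Classify one input: accepted, rejected per the spec, or an unexpected crash."""
    try:
        parse_config(text)
        return "ok"
    except ConfigError:
        return "rejected"
    except Exception as exc:          # anything else is a robustness bug
        return "crash:" + type(exc).__name__


def fuzz(seed, cases, anomalies=tuple(ANOMALIES)):
    """Generate `cases` valid configs and apply each anomaly to each one.
    Returns {crash signature: (anomaly name, input)} with the first example of each."""
    rng = random.Random(seed)
    findings = {}
    for _ in range(cases):
        base = generate("<config>", rng)
        if run_case(base) != "ok":   # generator and parser disagree on valid input
            findings.setdefault("generator:" + run_case(base), ("none", base))
        for name in anomalies:
            mutated = ANOMALIES[name](base)
            verdict = run_case(mutated)
            if verdict.startswith("crash:"):
                findings.setdefault(verdict, (name, mutated))
    return findings


if __name__ == "__main__":
    for signature, (anomaly, example) in fuzz(seed=1, cases=50).items():
        print(signature, "via", anomaly, repr(example))
```

Valid generated configs exercise the parser without incident, while the "empty value" and "embedded NUL" anomalies surface the missing validation as a ValueError the specification never allowed; the "missing separator" anomaly, by contrast, is rejected cleanly and shows that structural checks are in place.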


Fuzz testing can be combined with other testing techniques. White-box fuzzing uses symbolic execution and constraint solving.[15] Evolutionary fuzzing leverages feedback from code coverage,[16] effectively automating the approach of exploratory testing.
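The random mutation techniques described earlier (flipping bits, moving blocks of the input around) and the coverage-feedback idea in this paragraph can be demonstrated together. The following is an added Python example, not code from the original post or from any fuzzing tool it mentions: a constructed toy packet parser with a planted missing-length-check defect, a mutator that flips bits, deletes, inserts and moves blocks, and a loop that optionally keeps every input that executes a new line of the target (line coverage collected with `sys.settrace`). The packet format, the seed packet and the defect are assumptions made for this example.

```python
import random
import sys

KIND_TEXT, KIND_LIST = 0x10, 0x30
FLAG_COMPRESSED, METHOD_DEFLATE = 0x80, 0x01


class PacketError(Exception):
    """The only exception the parser is specified to raise on bad input."""


def parse_packet(data):
    """Constructed toy target: [0x7F magic][kind][flags][payload...]."""
    if len(data) < 3:
        raise PacketError("too short")
    if data[0] != 0x7F:
        raise PacketError("bad magic")
    kind, flags, payload = data[1], data[2], data[3:]
    if kind == KIND_TEXT:
        return ("text", payload.decode("latin-1"))
    if kind == KIND_LIST:
        if flags & FLAG_COMPRESSED:
            if payload[0] != METHOD_DEFLATE:
                raise PacketError("unknown compression method")
            # Planted defect: a 4-byte length header is assumed after the
            # method byte, with no check that the payload is long enough.
            n = (payload[1] << 24) | (payload[2] << 16) | (payload[3] << 8) | payload[4]
            return ("list", n, bytes(payload[5:]))
        return ("list", len(payload), bytes(payload))
    raise PacketError("unknown kind")


def run_with_coverage(data):
    """Run the target once; return (verdict, set of target line numbers executed)."""
    covered = set()

    def tracer(frame, event, arg):
        if frame.f_code is not parse_packet.__code__:
            return None                  # trace only the target's frame
        if event == "line":
            covered.add(frame.f_lineno)
        return tracer

    sys.settrace(tracer)
    try:
        parse_packet(data)
        verdict = "ok"
    except PacketError:
        verdict = "rejected"
    except Exception as exc:             # any other exception is a bug
        verdict = "crash:" + type(exc).__name__
    finally:
        sys.settrace(None)
    return verdict, covered


def mutate(data, rng):
    """Apply 1-3 random mutations: bit flip, byte delete, byte insert, block move."""
    data = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and data:
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == 1 and data:
            del data[rng.randrange(len(data))]
        elif op == 2:
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        elif len(data) >= 2:             # cut a block out and re-insert it elsewhere
            start = rng.randrange(len(data))
            end = rng.randrange(start + 1, len(data) + 1)
            block = data[start:end]
            del data[start:end]
            pos = rng.randrange(len(data) + 1)
            data[pos:pos] = block
    return bytes(data)


SEED_PACKET = b"\x7f\x10\x00\x00\x00"    # constructed valid text packet


def fuzz(seed, budget, use_coverage):
    """Mutate from a corpus for `budget` iterations. With use_coverage, an input
    that executes a new target line joins the corpus (evolutionary fuzzing);
    without it, every child is derived from the seed alone (blind mutation).
    Returns (iteration, verdict, input) for the first crash, or None."""
    rng = random.Random(seed)
    corpus = [SEED_PACKET]
    seen = run_with_coverage(SEED_PACKET)[1]
    for i in range(1, budget + 1):
        child = mutate(rng.choice(corpus), rng)
        verdict, cov = run_with_coverage(child)
        if verdict.startswith("crash:"):
            return i, verdict, child
        if use_coverage and not cov <= seen:
            seen |= cov
            corpus.append(child)
    return None


if __name__ == "__main__":
    for guided in (False, True):
        print("coverage-guided" if guided else "blind", fuzz(1, 50000, guided))
```

The planted defect is only reachable after three coordinated changes to the seed (the kind byte, the compression flag bit and the method byte), so a blind loop that always mutates the seed must make all three in one iteration, which it rarely does within the budget; the guided loop instead saves each intermediate input that reaches a new branch and builds on it, so it typically reports the IndexError after a few thousand iterations. Real coverage-guided fuzzers track edges or basic blocks with compile-time instrumentation rather than a Python tracer, but the feedback loop is the same.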
