Fuzz testing is an automated technique providing random data as input to a software system in the hope to expose a vulnerability. In order to be effective, the fuzzed input must be common enough to pass elementary consistency checks; a JavaScript interpreter, for instance, would only accept a semantically valid program. On the other hand, the fuzzed input must be uncommon enough to trigger exceptional behavior, such as a crash of the interpreter. The LangFuzz approach resolves this conflict by using a grammar to randomly generate valid programs; the code fragments, however, partially stem from programs known to have caused invalid behavior before. Lang- Fuzz is an effective tool for security testing. Applied on the Mozilla JavaScript interpreter, it discovered a total of 105 new severe vulnerabilities within three months of operation (and thus became one of the top security bug bounty collectors within this period); applied on the PHP interpreter, it discovered 18 new defects causing crashes.

C. Holler, K. Herzig, and A. Zeller, “Fuzzing with code fragments,” in Proceedings of the 21st usenix conference on security symposium, Berkeley, CA, USA, 2012, pp. 38-38.

title = {Fuzzing with Code Fragments},
author={Christian Holler and Kim Herzig and Andreas Zeller},
series = {Security'12},
year = {2012},
location = {Bellevue, WA},
pages = {38--38},
numpages = {1},
month = {August},
booktitle = {Proceedings of the 21st USENIX Conference on Security Symposium},
acmid = {2362831},
publisher = {USENIX Association},
address = {Berkeley, CA, USA}

Download author PDF.
The author PDF is posted here by permission of USENIX Association for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 21st usenix conference on security symposium .

View the talk online


No Comment

Comments are closed.