
Vulnerability Detection: What Is Fuzzing (Fuzz Testing)?

Fuzzing

Fuzzing (Sutton et al. 2007) is currently the most popular vulnerability discovery technique. It was first proposed by Barton Miller at the University of Wisconsin in the 1990s. Conceptually, a fuzzing test starts by generating a large number of normal and abnormal inputs for the target application, then feeds those inputs to the application, monitors its execution state, and detects exceptions. Compared with other techniques, fuzzing is easy to deploy, extensible and broadly applicable, and can be performed with or without source code. Because the test runs the real program, its results are highly accurate: a reported exception is one that was actually observed during execution. Fuzzing also requires little knowledge of the target application and scales easily to large applications. Although it has drawbacks such as low efficiency and low code coverage, its advantages outweigh them, and fuzzing has become the most effective and efficient state-of-the-art vulnerability discovery technique.


The working process is composed of four main stages:

  1. test case generation,
  2. test case running,
  3. program execution state monitoring, and
  4. analysis of exceptions.
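The four stages above as a minimal mutation-based fuzzer, added here as an example and not code from the page or from the cited paper. The target `parse_record` is a constructed record parser with a deliberate missing bounds check; `mutate` generates test cases from a seed (stage 1), `run_one` runs the target and monitors its state (stages 2 and 3), and `fuzz` analyses the exceptions, keeping one input per distinct crash signature (stage 4). The record format and all names are assumptions.

```python
import random
# Constructed target, not from the page: parses [len][payload][checksum] records.
# A bad checksum is rejected on purpose; the unchecked read of the checksum byte is the bug.
def parse_record(data: bytes) -> list:
    fields, i = [], 0
    while i < len(data):
        n = data[i]
        payload = data[i + 1:i + 1 + n]
        checksum = data[i + 1 + n]            # bug: no length check -> IndexError
        if sum(payload) % 256 != checksum:
            raise ValueError("bad checksum")  # expected rejection, not a crash
        fields.append(payload)
        i += 2 + n
    return fields
EXPECTED = (ValueError,)                      # raised on purpose, so not a crash
SEED = b"\x03abc" + bytes([sum(b"abc") % 256])  # one well-formed record, checksum 0x26

def mutate(data: bytes, rng: random.Random) -> bytes:
    # Stage 1, test case generation: one random mutation of the seed.
    buf, op = bytearray(data), rng.randrange(3)
    if op == 0:                               # flip one bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:                             # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif len(buf) > 1:                        # truncate, keeping at least one byte
        del buf[rng.randrange(1, len(buf)):]
    return bytes(buf)

def run_one(data: bytes):
    # Stages 2 and 3, running and monitoring: crash signature, or None if clean/rejected.
    try:
        parse_record(data)
    except EXPECTED:
        pass                                  # intended rejection of bad input
    except Exception as exc:
        tb = exc.__traceback__
        while tb.tb_next:                     # innermost frame locates the fault
            tb = tb.tb_next
        return (type(exc).__name__, tb.tb_lineno)

def fuzz(seed: bytes, iterations: int, rng_seed: int = 0) -> dict:
    # Stage 4, exception analysis: keep the first input seen per crash signature.
    rng, crashes = random.Random(rng_seed), {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        sig = run_one(case)
        if sig:
            crashes.setdefault(sig, case)
    return crashes
```

Separating expected rejections from unexpected exceptions is what makes the monitoring stage useful: without it, every malformed input would be reported as a finding.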


Table 1 shows the advantages and disadvantages of different techniques.
