Language Selection

English French German Italian Portuguese Spanish

Fuzz testing with zzuf

Filed under
HowTos

Fuzz testing, which uses random input to test software for bugs, has been the biggest thing to happen in IT security in quite awhile. Now you can quickly and easily direct your own fuzz testing ops, thanks to a cool little program called zzuf.

We can thank stupid users for the fuzz testing craze -- users who enter dates where dollar amounts are supposed to go, or digits where their names belong, or a ZIP code where a Social Security number is expected. Their lameness often results in instant breakage -- segfaults, overruns, all manner of crashes. And some of those crashes are perfect for exploiting, allowing black hats to gain access to systems or data -- like the Wi-Fi vulnerabilities that were almost disclosed at BlackHat about this time last year, for example, which were discovered by fuzz testing the Wi-Fi drivers with unexpected data.

Fuzz testing throws anything and everything, and sometimes nothing at all, at applications expecting data of a certain size, shape, or format. Many programs are more stable and secure today because of the hidden flaws found with fuzz testing.

More Here




More in Tux Machines

EC publishes open source code of legislation editor

The European Commission is about to make available as open source a prototype of LEOS, a software solution for drafting and automatic processing of legal texts. The software currently supports legal texts issued by the EC, yet can be extended to support other legislative processes. Read more

Lenovo ThinkPad L450 comes with Ubuntu

Canonical, the commercial sponsor of Ubuntu, has announced that Lenovo will start shipping Ubuntu preloaded devices starting with ThinkPad L450 laptop series this month. The laptops will be on sale at selected commercial resellers and distributors at Rs 40,000. Read more

Leftovers: Kernel

openSUSE Leap 42 Is a New Version That Will Change the openSUSE Project

The openSUSE community has spoken, and the name and version of the new openSUSE release have been chosen. The project is undergoing some major changes, and they had to illustrate that with a name that sells it. Read more