Fuzz testing with zzuf


Fuzz testing, which uses random input to test software for bugs, has been the biggest thing to happen in IT security in quite a while. Now you can quickly and easily direct your own fuzz testing ops, thanks to a cool little program called zzuf.

We can thank stupid users for the fuzz testing craze -- users who enter dates where dollar amounts are supposed to go, or digits where their names belong, or a ZIP code where a Social Security number is expected. Their lameness often results in instant breakage -- segfaults, overruns, all manner of crashes. And some of those crashes are perfect for exploiting, allowing black hats to gain access to systems or data -- like the Wi-Fi vulnerabilities that were almost disclosed at BlackHat about this time last year, for example, which were discovered by fuzz testing the Wi-Fi drivers with unexpected data.

Fuzz testing throws anything and everything, and sometimes nothing at all, at applications expecting data of a certain size, shape, or format. Many programs are more stable and secure today because of the hidden flaws found with fuzz testing.
