Language Selection

English French German Italian Portuguese Spanish

Fuzz testing with zzuf

Filed under
HowTos

Fuzz testing, which uses random input to test software for bugs, has been the biggest thing to happen in IT security in quite awhile. Now you can quickly and easily direct your own fuzz testing ops, thanks to a cool little program called zzuf.

We can thank stupid users for the fuzz testing craze -- users who enter dates where dollar amounts are supposed to go, or digits where their names belong, or a ZIP code where a Social Security number is expected. Their lameness often results in instant breakage -- segfaults, overruns, all manner of crashes. And some of those crashes are perfect for exploiting, allowing black hats to gain access to systems or data -- like the Wi-Fi vulnerabilities that were almost disclosed at BlackHat about this time last year, for example, which were discovered by fuzz testing the Wi-Fi drivers with unexpected data.

Fuzz testing throws anything and everything, and sometimes nothing at all, at applications expecting data of a certain size, shape, or format. Many programs are more stable and secure today because of the hidden flaws found with fuzz testing.

More Here




More in Tux Machines

Second Alpha Build of Liquid Lemur Linux 2.0 Brings LibreOffice 5, Based on Debian 8

Edward Snyder, the creator and maintainer of the Debian-based Liquid Lemur Linux distribution, has announced the release and immediate availability for download of the second Alpha build of the upcoming Liquid Lemur Linux 2.0 distro. Read more

Manjaro Linux 0.8.13.1 Fluxbox Edition Gets Linux Kernel 4.1 LTS, Download Now

The Manjaro Linux team, through Bernhard Landauer, has proudly announced the release of an updated version of the Manjaro Linux Fluxbox Edition, namely 0.8.13.1, which features an updated Linux kernel and numerous improvements. Read more

NVIDIA reveals GPUs for blade servers, Linux desktop support

VMworld 2015 NVIDIA has announced the second version of its Grid desktop virtualisation software, complete with a pair of GPUs for blade servers. NVIDIA is pitching GRID as a hardware offering tuned to the needs of graphically-demanding desktop virtualisation (VDI) workloads. If that sounds a bit exotic, consider environments like the resources industry, where on-site engineers need CAD and modelling tools, but miners are loathe to deploy desktops in the remote sites where stuff gets dug out of the ground. VDI works a treat in such spots. Read more

GNU Linux-libre 4.2-gnu is now available

Many new drivers required cleaning of their blob-requesting-and-loading machinery. Various others needed deblobbing updates due to blob name changes and false positives. Read more Also: