Fuzzing Flashcards

1
Q

How does fuzzing work?

A

Check for software vulnerabilities through dynamic testing:

  • automatically generate so-called fuzz test cases
  • monitor target program for security-related bugs
2
Q

Name the three different classes of fuzzing

A
  • black-box fuzzing: check if a fuzz test crashed the target program
  • white-box fuzzing: use heavyweight program and runtime analysis
  • grey-box fuzzing: use lightweight analysis techniques such as code coverage
3
Q

What different input generation techniques are there?

A
  • Random generation
  • Model-based input generation (the model is either predefined or inferred from existing inputs: specification mining)
  • Mutation-based input generation (start with an initial kernel of valid seed inputs and apply mutation operators: bit flipping, arithmetic, block-based / dictionary-based mutation, crossover)
4
Q

How does execution monitoring work?

A

When does a fuzz test violate security policy?

  • termination with a fatal signal
  • many memory errors are detected automatically by the OS
  • sanitizers can find more errors: address sanitizers, undefined-behaviour (UB) sanitizers, thread sanitizers