Abstract
This article compares security fuzzing approaches with respect to different characteristics commenting on their pro and cons concerning both their potential for exposing vulnerabilities and the expected effort required to do so. These preliminary considerations based on abstract reasoning and engineering judgement are subsequently confronted with experimental evaluations based on the application of three different fuzzing tools characterized by diverse data generation strategies on examples known to contain exploitable buffer overflows. Finally, an example inspired by a real-world application illustrates the importance of combining different fuzzing concepts in order to generate data in case fuzzing requires the generation of a plausible sequence of meaningful messages to be sent over a network to a software-based controller as well as the exploitation of a hidden vulnerability by its execution.
Author supplied keywords
Cite
CITATION STYLE
Al Sardy, L., Neubaum, A., Saglietti, F., & Rudrich, D. (2019). Comparative Evaluation of Security Fuzzing Approaches. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11699 LNCS, pp. 49–61). Springer Verlag. https://doi.org/10.1007/978-3-030-26250-1_4
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
