Test case similarity based fuzzing
Information technology is growing rapidly. Along with the rapid advancements, a large number of software security violations are taking place, which are causing an overwhelming impact on the organizations and the individuals. In the past few years many methods have been proposed to identify and prevent weaknesses in software programs. “Fuzzing was first proposed by Miller et.al in the year 1990 to detect software vulnerabilities” (Zhang, Liu, Lei, Kung, Csallner, Nystrom & Wang, 2012, p.102). In the process of detecting vulnerabilities the program inputs are changed to form different inputs to identify the various possible paths present in the program. The run time behavior of the programs are monitored on the different inputs to detect exceptions. If any exceptions are found then it can be said that weaknesses are present in the program and the software program is vulnerable.
There are two different kinds of fuzzing namely black box and white box fuzzing. Black box testing does not take the program source code into consideration. It is only used to identify weaknesses in the different inputs that can be given to the program. Whereas, white box testing is used to test all the different possible paths of a program. However many challenges exist for both the categories of fuzzing. According to Zhang et.al, (2012) white box testing fails in identifying the paths that contain complex data structures and unsolvable branch conditions and black box testing fails in testing complex program semantics which are deeper (p.103).
Therefore, to address the challenges of the two kinds of testing Zhang et.al, (2012) proposed a two stage fuzzing process to effectively test complex program semantics (p.103). The...
... middle of paper ...
...to detect security vulnerabilities. Whereas, binary level extensions can be placed, vulnerabilities can be modified with application of non-parallel statistical tests which makes the fuzzing process efficient in determining the weaknesses in the software programs and in identification of bugs.
References
Anon., 2011a. Available: http://nvd.nist.gov (Online).
Ganesh, V., Leek, T., Rinard, M., 2009. Taint-based directed white box fuzzing. In:
Proceedings of the IEEE 31st International Conference on Software Engineering
(ICSE).
Godefroid, P., Levin, M.Y., Molnar, D., 2008. Automated white box fuzz testing. In:
Proceedings of the Network and Distributed Systems Security (NDSS).
Zhang, D., Liu, D., Lei, Y., Kung, D., Csallner, C., Nystrom, N., Wang, W. (2012). Sim Fuzz:
Test case similarity based deep fuzzing, The Journal of Systems and Software, 85,102-
111.
Suresh, G., Horbar, J., Plsek, P., Gray, J., Edwards, W., Shiono, P., & ... Goldmann, D. (2004).
One of the main functions I will be using is variables, and so I needed to test how they worked.
Tadić, A., Wagner, S., Hoch, J., Başkaya, Ö., von Cube, R., Skaletz, C., ... & Dahmen, N. (2009).
Van Nuffelen, G., De Bodt, M., Vanderwegen, J., Van de Heyning, P., & Wuyts, F. (2010).
9.Wang, P. S., Gruber, M. J., Powers, R. E., Schoenbaum, M., Speier, A. H., Wells, K. B., &
Tackett, J. L., Lahey, B. B., van Hulle, C., Waldman, I., Krueger, R. F., & Rathouz, P. J. (2013).
The attacks highlight the shortcomings in the system, trace them and correct the problem. Almost all major IT firms, defense systems and Cyber related organizations imply these methods in their security prevention mechanisms.
Vulnerability scanning security software can combat system based threats while maintaining compliance and securing critical IT assets. This paper will look at vulnerability scanning security and discuss what it is, its value to the organization, integration with the current IT infrastructure as well as vender vulnerabil...
There are many solutions to these problems, but none of them are easily implemented. Each area of testing should be heavily modified. In math, for example, there is a str...
[15] T. J. Klevinsky, Scott Laliberte, and Ajay Gupta. (2002). Hack I.T.: Security Through Penetration Testing. Addison-Wesley Professional.
Faircloth J, Beale J, Temmingh R, Meer H, van der Walt C, Moore HD (2006) Penetration Testers Open Source Toolkit.
Saporito, B., Schuman, M., Szczesny, J. R., Altman, A., (2010). Time, 2/22/2010, Vol. 175 Issue 7, p26-30, 5p.
“ Prevention is better than cure ”, if computer users are aware of Malware attacks, they may prevent those attacks . So, in this research paper i am going to focus on Malware and Protecting Against Malware.
Barker, V., Giles, H., Hajek, C., Ota, H., Noels, K., Lim, T-S., & Somera, L. (2008).
Software testing is the “process of executing a software system to determine whether it matches its specification and executes in its intended environment” (Whittaker 71). It is often associated with locating bugs, program defects, faults in the source code, which cause failures during execution that need to be removed from the program. Locating and removing these defects is called debugging, which is different from the testing that establishes the existence of these defects. Specifications are crucial to testing because they identify correct behavior so that software failures corresponding to incorrect behavior can be identified. Failures can vary in their nature ranging from wrong output, system crash to systems using too much memory or executing too slowly. These Bugs in software can be due to untested code executed, u...