Test case similarity based fuzzing
Information technology is growing rapidly. Along with these rapid advancements, a large number of software security violations are taking place, with an overwhelming impact on organizations and individuals. In the past few years many methods have been proposed to identify and prevent weaknesses in software programs. “Fuzzing was first proposed by Miller et al. in the year 1990 to detect software vulnerabilities” (Zhang, Liu, Lei, Kung, Csallner, Nystrom & Wang, 2012, p.102). To detect vulnerabilities, the program inputs are changed to form different inputs that exercise the various possible paths present in the program. The run-time behavior of the program is monitored on the different inputs to detect exceptions. If any exceptions are found, then it can be said that weaknesses are present in the program and the software program is vulnerable.
There are two different kinds of fuzzing, namely black box and white box fuzzing. Black box testing does not take the program source code into consideration. It is only used to identify weaknesses in the different inputs that can be given to the program. White box testing, by contrast, is used to test all the different possible paths of a program. However, many challenges exist for both categories of fuzzing. According to Zhang et al. (2012), white box testing fails to identify the paths that contain complex data structures and unsolvable branch conditions, and black box testing fails to test deeper, complex program semantics (p.103).
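The following added example (not from the essay or from Zhang et al.) shows the black box limitation in miniature: a blind byte mutator finds a shallow header bug but never gets past a checksum to the deeper defect. It goes beyond the text by adding a format-aware mutator for contrast; the record format, `parse_record` and both mutators are hypothetical constructions.

```python
import random

def build(payload: bytes) -> bytes:
    """Constructed toy format: [length][payload...][checksum = sum(payload) % 256]."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])

def parse_record(data: bytes) -> int:
    """Hypothetical target with one shallow and one deep defect."""
    if len(data) < 3 or data[0] == 0:
        raise ValueError("malformed header")      # graceful rejection, not a crash
    n = data[0]
    check = data[1 + n]                           # shallow bug: n is never bounds-checked
    payload = data[1:1 + n]
    if sum(payload) % 256 != check:
        raise ValueError("bad checksum")          # most blind mutations stop here
    return sum(payload) // (payload[0] % 8)       # deep bug: divisor can be zero

SEED_PAYLOAD = b"\x11\x22\x33\x44"                # constructed sample; 0x11 % 8 != 0

def blind_mutation(rng):
    """Black box style: overwrite one random byte of a valid record."""
    data = bytearray(build(SEED_PAYLOAD))
    data[rng.randrange(len(data))] = rng.randrange(256)
    return bytes(data)

def format_aware_mutation(rng):
    """Mutate the payload only, then rebuild the length and checksum fields."""
    payload = bytearray(SEED_PAYLOAD)
    payload[rng.randrange(len(payload))] = rng.randrange(256)
    return build(bytes(payload))

def fuzz(mutator, trials=2000, seed=0):
    """Run the target on mutated inputs and record which exceptions escape."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(trials):
        case = mutator(rng)
        try:
            parse_record(case)
        except ValueError:
            continue                              # input rejected as designed
        except Exception as exc:                  # anything else is a finding
            crashes.setdefault(type(exc).__name__, case)
    return crashes

if __name__ == "__main__":
    print("blind:       ", sorted(fuzz(blind_mutation)))
    print("format-aware:", sorted(fuzz(format_aware_mutation)))
```

With a single-byte mutation the checksum can never stay valid while the first payload byte changes, so the division is unreachable for the blind mutator regardless of the trial count.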
Therefore, to address the challenges of the two kinds of testing, Zhang et al. (2012) proposed a two-stage fuzzing process to effectively test complex program semantics (p.103). The...
... middle of paper ...
...to detect security vulnerabilities. Whereas, binary level extensions can be placed, vulnerabilities can be modified with application of non-parallel statistical tests which makes the fuzzing process efficient in determining the weaknesses in the software programs and in identification of bugs.
References
Anon., 2011a. Available: http://nvd.nist.gov (Online).
Ganesh, V., Leek, T., Rinard, M., 2009. Taint-based directed white box fuzzing. In: Proceedings of the IEEE 31st International Conference on Software Engineering (ICSE).
Godefroid, P., Levin, M.Y., Molnar, D., 2008. Automated white box fuzz testing. In: Proceedings of the Network and Distributed Systems Security (NDSS).
Zhang, D., Liu, D., Lei, Y., Kung, D., Csallner, C., Nystrom, N., Wang, W. (2012). SimFuzz: Test case similarity based deep fuzzing, The Journal of Systems and Software, 85, 102-111.
One of the main functions I will be using is variables, and so I needed to test how they worked.
The attacks highlight the shortcomings in the system, trace them and correct the problem. Almost all major IT firms, defense systems and cyber-related organizations employ these methods in their security prevention mechanisms.
There are many solutions to these problems, but none of them are easily implemented. Each area of testing should be heavily modified. In math, for example, there is a str...
Vulnerability scanning security software can combat system-based threats while maintaining compliance and securing critical IT assets. This paper will look at vulnerability scanning security and discuss what it is, its value to the organization, integration with the current IT infrastructure as well as vendor vulnerabil...
Penetration testing has been well popularized by the media. Many companies are now offering penetration services to identify vulnerabilities in systems and the surrounding processes. This report will discuss “Penetration Testing” as a means of strengthening a corporate network’s security. This report is divided into three parts. The introduction will give you a brief and basic overview of penetration testing and why we need it. The second part, the technical breakdown, explains the strategy, model and type of penetration testing. In the conclusion, we will discuss both the value and limitation of penetration testing.
“Prevention is better than cure”: if computer users are aware of malware attacks, they may prevent those attacks. So, in this research paper I am going to focus on malware and protecting against malware.
Software testing is the “process of executing a software system to determine whether it matches its specification and executes in its intended environment” (Whittaker 71). It is often associated with locating bugs, program defects, and faults in the source code, which cause failures during execution and need to be removed from the program. Locating and removing these defects is called debugging, which is different from the testing that establishes the existence of these defects. Specifications are crucial to testing because they identify correct behavior so that software failures corresponding to incorrect behavior can be identified. Failures can vary in their nature, ranging from wrong output and system crashes to systems using too much memory or executing too slowly. These bugs in software can be due to untested code executed, u...