The fuzzer takes a starting, or "seed," file, mutates it, and opens it using the target application while monitoring that application for a crash. I used a Python-based mutational fuzzing framework for Microsoft Windows. Fuzz testing can be used as one measure of the number of vulnerabilities that an application may contain. Depending on the specific circumstances of a crash, these bugs may also result in vulnerabilities that allow an attacker to execute arbitrary code. Every bug that results in a crash has the potential of being a vulnerability. Also included are some other aspects of the Office suites that can affect the software's security.įuzz testing is a dynamic software testing technique that can be used to find bugs that result in the crashing of an application. This blog entry contains the results from a similar test that I performed in November 2010. Recently, Dan Kaminsky published a blog entry that compared the fuzzing resiliency of Microsoft Office and Oracle OpenOffice.
0 Comments
Leave a Reply. |