CISSP Official Study Guide, Eighth Edition
Mike Chapple, James Michael Stewart, Darril Gibson. CISSP Official Study Guide. Sybex, 2018.

Mutation (Dumb) Fuzzing
Takes previous input values from actual operation of the software and manipulates (or mutates) them to create fuzzed input. It might alter the characters of the content, append strings to the end of the content, or perform other data manipulation techniques.
Generational (Intelligent) Fuzzing
Develops data models and creates new fuzzed input based on an understanding of the types of data used by the program.
The zzuf tool automates the process of mutation fuzzing by manipulating input according to user specifications. For example, Figure 15.10 shows a file containing a series of 1s.
Figure 15.11 shows the zzuf tool applied to that input. The resulting fuzzed text is almost identical to the original text: it still contains mostly 1s, but it now has several changes that might confuse a program expecting the original input. This process of slightly manipulating the input by inverting individual bits is known as bit flipping.
Fuzz testing is an important tool, but it does have limitations. Fuzz testing typically doesn't result in full coverage of the code and is commonly limited to detecting simple vulnerabilities that do not require complex manipulation of business logic. For this reason, fuzz testing should be considered only one tool in a suite of tests performed, and it is useful to conduct test coverage analysis (discussed later in this chapter) to determine the full scope of the test.
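The two definitions above and the limitation paragraph can be seen side by side in one small experiment. The following is an added example, not code from the study guide or from zzuf: a mutation fuzzer that flips a seeded, reproducible fraction of an input's bits (modelled loosely on zzuf's ratio and seed options; the function names, the toy record format, its parser, the planted bugs and the seed file are all constructed for the illustration), next to a generational fuzzer that builds inputs from a model of the same format. Running both against the toy parser shows why the mutation side mostly produces cleanly rejected input and shallow crashes, while the generational side gets past the parser's own checks.

```python
"""Added example: mutation (bit-flipping) fuzzing versus generational fuzzing,
both run against a toy record parser with planted bugs.  Everything here is
constructed for the illustration; it is not code from the study guide or zzuf."""
import random
import struct

# Toy target format: a file is a sequence of records [u8 tag][u16 BE length][payload].
TABLE = ["alpha", "beta", "gamma", "delta"]   # lookup table used by tag 3 (constructed)


def parse_records(data: bytes) -> list:
    """Parse the toy format.  ValueError means the parser rejected bad input on
    purpose; any other exception is an unhandled bug, planted for the demo:
    tag 2 trusts `length` before unpacking, tag 3 indexes TABLE unchecked."""
    pos, out = 0, []
    while pos < len(data):
        if pos + 3 > len(data):
            raise ValueError("truncated header")
        tag = data[pos]
        (length,) = struct.unpack(">H", data[pos + 1:pos + 3])
        pos += 3
        payload = data[pos:pos + length]
        if len(payload) != length:
            raise ValueError("truncated payload")
        pos += length
        if tag == 1:
            out.append(payload.decode("ascii"))           # UnicodeDecodeError is a ValueError
        elif tag == 2:
            out.append(struct.unpack(">I", payload)[0])   # struct.error if length != 4
        elif tag == 3:
            out.append(TABLE[payload[0]])                 # IndexError if empty or >= len(TABLE)
        else:
            raise ValueError("unknown tag %d" % tag)
    return out


def classify(data: bytes) -> str:
    """Outcome of one test case: 'ok', 'rejected' (clean error) or 'crash'."""
    try:
        parse_records(data)
        return "ok"
    except ValueError:
        return "rejected"
    except Exception:
        return "crash"


def bit_flip(data: bytes, ratio: float, seed: int) -> bytes:
    """Mutation (dumb) fuzzing: flip a fraction `ratio` of the input's bits,
    chosen by a seeded PRNG so a crashing case can be regenerated from
    (ratio, seed).  Modelled on zzuf's ratio/seed idea, not its implementation."""
    rng = random.Random(seed)
    buf = bytearray(data)
    nbits = len(buf) * 8
    for i in rng.sample(range(nbits), max(1, int(nbits * ratio))):
        buf[i // 8] ^= 1 << (i % 8)
    return bytes(buf)


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def generate_files(n: int, seed: int) -> list:
    """Generational (intelligent) fuzzing: build records from a model of the
    format, so tags and lengths are always consistent and the parser's own
    sanity checks are passed; the payloads carry boundary values instead."""
    rng = random.Random(seed)
    files = []
    for _ in range(n):
        records = []
        for _ in range(rng.randint(1, 4)):
            tag = rng.choice([1, 2, 3])
            if tag == 2:
                payload = rng.choice([b"\x00" * 4, b"\xff" * 4, b"", b"\x01", b"\x00" * 5])
            elif tag == 3:
                payload = rng.choice([b"\x00", b"\x03", b"\x04", b"\xff", b""])
            else:
                payload = rng.choice([b"1" * 16, b"", b"1" * 300, b"\xff\xfe"])
            records.append(bytes([tag]) + struct.pack(">H", len(payload)) + payload)
        files.append(b"".join(records))
    return files


def run_campaign(cases) -> dict:
    """Count outcomes over an iterable of test cases."""
    counts = {"ok": 0, "rejected": 0, "crash": 0}
    for data in cases:
        counts[classify(data)] += 1
    return counts


# Constructed seed file, in the spirit of the figure: one text record of sixteen '1's.
SEED = bytes([1]) + struct.pack(">H", 16) + b"1" * 16

if __name__ == "__main__":
    print("mutation  :", run_campaign(bit_flip(SEED, 0.02, s) for s in range(500)))
    print("generation:", run_campaign(generate_files(500, seed=1)))
```

The mutation side finds only what a few flipped bits can reach from the seed (a tag byte that turns into 3, a length that no longer matches), and most of its cases stop at the parser's "truncated" and "unknown tag" checks, which is the coverage limitation the text describes. The generational side never trips those checks because its lengths are always right, so it spends every case on the payload handling where the planted bugs live. Recording (ratio, seed) with each crash is what makes a mutation finding reproducible.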


Testing Your Software
Figure 15.10  Prefuzzing input file containing a series of 1s
Figure 15.11  The input file from Figure 15.10 after being run through the zzuf mutation fuzzing tool


Chapter 15  Security Assessment and Testing