TFTP vulnerability finding technique based on fuzzing

  • Authors: Qixu Liu; Yuqing Zhang

  • Affiliations: National Computer Network Intrusion Protection Center, GUCAS, Beijing 100049, PR China; State Key Laboratory of Information Security, GUCAS, Beijing 100049, PR China

  • Venue: Computer Communications
  • Year: 2008

Quantified Score

Hi-index 0.24

Abstract

The basic value proposition of vulnerability finding is simple: it is better for vulnerabilities to be found and fixed by good guys than for them to be found and exploited by bad guys. Fuzzing is the art of automatic vulnerability finding. In this paper, we propose a vulnerability finding approach based on fuzzing and apply our approach to the TFTP protocol. We analyzed all the vulnerabilities that had been released for the TFTP protocol, and summed up the vulnerable points in TFTP servers. Aiming at those vulnerable points, a fuzzing tool named tftpServerFuzzer was specifically designed and implemented to test TFTP servers. We collected 11 types of Windows-based TFTP servers via the Internet. Testing those TFTP servers with tftpServerFuzzer, we discovered three unreleased vulnerabilities and almost all of the released vulnerabilities on those TFTP servers. The result indicates not only the validity and superiority of the tftpServerFuzzer we designed, but also the efficiency of our approach.