Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Rule-based static analysis of network protocol implementations
Information and Computation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
TFTP vulnerability finding technique based on fuzzing
Computer Communications
Detecting Communication Protocol Security Flaws by Formal Fuzz Testing and Machine Learning
FORTE '08 Proceedings of the 28th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
Efficient file fuzz testing using automated analysis of binary file format
Journal of Systems Architecture: the EUROMICRO Journal
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
ACM Transactions on Information and System Security (TISSEC)
Tradeoffs in targeted fuzzing of cyber systems by defenders and attackers
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Down to the bare metal: using processor features for binary analysis
Proceedings of the 28th Annual Computer Security Applications Conference
Semi-valid input coverage for fuzz testing
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Fuzzing the ActionScript virtual machine
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
A novel vulnerability detection method for ZigBee MAC layer
International Journal of Grid and Utility Computing
A case study in evidence-based DSL evolution
ECMFA'13 Proceedings of the 9th European conference on Modelling Foundations and Applications
| Hi-index | 0.00 |
Boundary conditions are important because significant subsets of boundary condition failures are security failures. As such, the boundary conditions we don't test today are the security patches we'll have to issue tomorrow. An effective way to limit border vulnerabilities is ttesting via fuzzing. This highly automated testing technique can cover large numbers of boundary cases using invalid data (from files, network protocols, and other targets) as application input. This article shows how fuzzing often works well when techniques such as functional testing would be cost prohibitive.