Description:
Fuzzing is the process of sending intentionally invalid data to a product in the hopes of triggering an error condition or fault. These error conditions can lead to exploitable vulnerabilities. The idea behind fuzzing is simple: programmers generally code and test software only for the limited set of inputs they expect it to face in normal operation. Invalid inputs that the programmer never expected can therefore trigger bugs. These bugs might be further exploitable to execute code or to crash the system. Fuzzing tries to recreate an environment in which the superset of all possible input combinations is given to the software while its behavior is observed for crashes and other exceptions.
The video series below is a detailed primer on the art of fuzzing by Mike Zusman of the Intrepidus Group. Mike takes us through the basics of fuzzing, the different kinds of fuzzers, and the whole process/methodology to be followed in fuzzing. The process of fuzzing consists of the following steps:
1. Identify the targets
2. Identify the inputs which are to be fuzzed
3. Generate fuzzed data
4. Execute the fuzzed data
5. Monitor for exceptions
6. Determine exploitability
This talk was posted by Dan Guido from Pentest.cryptocity.net. The total talk is over 2 hours and the audio goes up / down from time to time. But keep watching, it will be well worth your time. The slides for the talk can be viewed here.