[fuzzing] A proposition : Fuzzers derived from taxonomy
yadab.das at gmail.com
Thu Mar 29 00:19:11 CDT 2007
I do not have a pretty good experience in fuzzing but recently i have
started doing research on fuzzing a network protocol and got some idea..
What i have understand is like following:
1) Capability of a fuzzer depends on the Adversarial Model or the attack
model, which is derived from the security model of the system. And from my
perspective, we can improve a lot on this. Most of the fuzzers are generic
by design an taking account of the most common nodes of the attack
classification tree (if we classify all attacks in a tree : classification
2) There is no specific taxonomy for the attacks for fuzzing. All available
classification taxonomies are generic by there nature and mapping them for
fuzzing domain is realy a hard job. There is a need for a standard taxonomy.
I have prepared a report based on the taxonomy and fuzzers.. If it is ok to
send the report to the community, i can send the report and you can provide
some valuable feedback or can provide some suggestions....
Looking forward for your reponse
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the fuzzing