[fuzzing] Microsoft tool
Sébastien Duquette
ekse.0x at gmail.com
Sun Sep 20 23:29:42 UTC 2009
I played with MiniFuzz a little. The documentation says:

"MiniFuzz is a very simple fuzzer designed to ease adoption of fuzz
testing by non-security people who are unfamiliar with file fuzzing
tools or have never used them in their current software development
processes."

MiniFuzz is a dumb file fuzzer, which means it doesn't care about the
normal structure of a file; it just randomizes a certain percentage of
the file. What's neat about MiniFuzz is that it handles the whole
fuzzing process: generating the fuzz samples, running the application
with the fuzzed file, attaching a debugger and detecting crashes,
collecting crash dumps and repeating the process.

I think this tool is great for what it is aiming for: bringing
fuzzing to non-security people. Of course, important software should
go through more extensive testing with "smart" fuzzing.

As a little trivia, the documentation reports that the SDL requires
fuzzing 100 000 samples per supported file format prior to distributing
the software. With the default 2-second delay between each test, that
means it will take 55 hours to fuzz a program on a single machine.

Sébastien

On Thu, Sep 17, 2009 at 2:32 PM, Gadi Evron <ge at linuxbox.org> wrote:
> Anyone had any experience with this yet?
>
> http://darkreading.com/security/app-security/showArticle.jhtml?articleID=220000750
>
> Gadi.
>
>
>
> --
> Gadi Evron,
> ge at linuxbox.org.
>
> Blog: http://gevron.livejournal.com/
> _______________________________________________
> fuzzing mailing list
> fuzzing at whitestar.linuxbox.org
> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
>
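
The dumb file-fuzzing loop described in the message above (generate, run, detect, collect, repeat), as an added Python sketch that is not part of the original message and not MiniFuzz's code. All function names are hypothetical, and treating a negative return code as a crash is a POSIX assumption standing in for MiniFuzz's debugger attach.

```python
import os
import random
import subprocess
import tempfile

def mutate(seed: bytes, ratio: float, rng: random.Random) -> bytes:
    """Overwrite `ratio` of the bytes, at random offsets, with random values."""
    data = bytearray(seed)
    for off in rng.sample(range(len(data)), int(len(data) * ratio)):
        data[off] = rng.randrange(256)
    return bytes(data)

def crashed(cmd: list, sample: str, timeout: float = 5.0) -> bool:
    """Run cmd + [sample]. On POSIX a negative return code means the
    process was killed by a signal (SIGSEGV, SIGABRT, ...)."""
    try:
        proc = subprocess.run(cmd + [sample], timeout=timeout,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return False  # a hang is not counted as a crash in this sketch
    return proc.returncode < 0

def fuzz(cmd, seed, iterations, ratio=0.05, rng_seed=0, out_dir=None):
    """Generate, run, detect, collect, repeat. Returns crashing sample paths."""
    rng = random.Random(rng_seed)  # fixed seed makes a run reproducible
    out_dir = out_dir or tempfile.mkdtemp(prefix="crashes-")
    kept = []
    for i in range(iterations):
        path = os.path.join(out_dir, f"sample-{i:06d}.bin")
        with open(path, "wb") as fh:
            fh.write(mutate(seed, ratio, rng))
        if crashed(cmd, path):
            kept.append(path)  # keep the input that reproduces the crash
        else:
            os.remove(path)
    return kept

def campaign_hours(samples: int, delay_s: float) -> float:
    """Wall-clock hours spent on the per-test delay alone, on one machine."""
    return samples * delay_s / 3600

if __name__ == "__main__":
    # The figures from the message: 100 000 samples, 2 seconds between tests.
    print(f"{campaign_hours(100_000, 2):.1f} hours")
```

Because the mutation ignores file structure, most samples fail the target's earliest parsing checks, which is why the message recommends "smart" fuzzing for important software.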