Fuzz - 3.0 - Dynamic analysis basics

How to generate crashes

  • General Testing on Logic Flaws

  • Very hard to detect, generally infeasible

  • fuzz -> detect exceptional behavior -> determine if bug -> determine if vulnerability

White box

So we have a test harness for this case

  • Common test harness areas

  • process died/zombied

  • PID gone

  • logs

  • attach a debugger, check state
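
The harness checks listed above (process died, hung, logs), as an added example that is not part of the original notes. The stand-in target and the names TARGET, LOG_MARKERS, run_case and triage are hypothetical, and POSIX signal semantics are assumed.

```python
import signal
import subprocess
import sys

# Constructed stand-in target (hypothetical): aborts, hangs, or logs an error
# depending on the bytes it reads from stdin. A real harness would launch the
# program under test here instead.
TARGET = [sys.executable, "-c", (
    "import os, sys, time\n"
    "data = sys.stdin.buffer.read()\n"
    "if data.startswith(b'\\xff\\xff'): os.abort()\n"
    "if data.startswith(b'\\x00\\x00'): time.sleep(30)\n"
    "if len(data) > 64: sys.stderr.write('ERROR: record too long\\n')\n"
)]

LOG_MARKERS = (b"ERROR", b"Traceback", b"AddressSanitizer")


def run_case(data, cmd=TARGET, timeout=5.0):
    """Run one test case and classify the target's behaviour."""
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                            stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
    try:
        _, err = proc.communicate(data, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()            # PID still present but the process is unresponsive
        proc.communicate()     # reap it so the harness leaves no zombie behind
        return ("hang", None)
    rc = proc.returncode
    if rc < 0:                 # POSIX: negative code means killed by a signal
        return ("crash", signal.Signals(-rc).name)
    if any(marker in err for marker in LOG_MARKERS):
        return ("log-anomaly", err.decode(errors="replace").strip())
    if rc != 0:
        return ("nonzero-exit", rc)
    return ("ok", None)


def triage(cases, timeout=5.0):
    """Return only the cases worth attaching a debugger to."""
    results = [(d[:8],) + run_case(d, timeout=timeout) for d in cases]
    return [r for r in results if r[1] != "ok"]


if __name__ == "__main__":
    samples = [b"hello", b"\xff\xff boom", b"\x00\x00 wait", b"A" * 100]
    for prefix, verdict, detail in triage(samples, timeout=2.0):
        print(prefix, verdict, detail)
```

Each non-"ok" verdict is only exceptional behavior; deciding whether it is a bug, and then a vulnerability, is still the manual step in the pipeline above.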

Black box

by introspection

  • look for access form
  • view output
  • check response time, detect crashes, things that differ from the standard