Background
There are two types of testing methodology:
General testing (test cases are fixed)
Regression testing
Unit testing
Integration testing
Spec-focused use cases
Random Testing
Fuzzing
Fuzzing may find more bugs than all other forms of testing.
Challenges of Testing
The main issue is verification
Hard to define the right output
Hard to manage the side effects
Distinguish bugs from features
Discovering Vulnerabilities
Three primary methods
Source code auditing (static/dynamic input)
White box testing
Requires source code
Needs compiler flags for this
e.g. buffer overflows, etc.
Reverse engineering (static input)
Fuzzing (dynamic input)
Lots of tools/frameworks exist
It's not necessary to have source code;
a binary alone is fine
Dynamic Taint Analysis / Data flow (dynamic)
Symbolic Execution (dynamic)
Not all bugs are vulnerabilities.
Only exploitable bugs are vulnerabilities.
So look for exploitable bugs.
What is fuzzing?
A testing process that sends specific data to an application and tries to provoke certain responses
Specific data includes
- Mutated data, generational data, edge cases, unanticipated data-types, etc
Certain response includes
- crashes, errors, anomalous behavior, changed app states, etc
It's very effective since it can run 1000x more test cases
than manual testing.
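The following is an added example (not part of the original notes) that ties the "What is fuzzing?" definition to the verification challenge above: a small mutation fuzzer feeds mutated, edge-case and truncated data to a toy parser and sorts each response into "ok", "error" (an anticipated rejection of bad input) or "crash" (an unanticipated exception, i.e. a candidate bug). The target, parse_record, its record format, the mutate/classify/fuzz helper names and the seed value are all constructed for this illustration; the unchecked-length defect in the toy parser is deliberate so the fuzzer has something to find.

```python
import random

# Toy target (constructed for this example). Record layout:
#   magic "RC" (2 bytes) | length (1 byte) | payload (length bytes) | checksum (1 byte)
# ValueError is the parser's intended way of rejecting bad input (a "feature").
def parse_record(data: bytes) -> bytes:
    if len(data) < 4:
        raise ValueError("too short")
    if data[:2] != b"RC":
        raise ValueError("bad magic")
    length = data[2]
    payload = data[3:3 + length]
    # Deliberate toy defect: the declared length is trusted, so a buffer that is
    # shorter than it claims makes this index read past the end -> IndexError.
    checksum = data[3 + length]
    if sum(payload) & 0xFF != checksum:
        raise ValueError("checksum mismatch")
    return payload


def make_record(payload: bytes) -> bytes:
    """Build a well-formed record; used as the fuzzing seed."""
    return b"RC" + bytes([len(payload)]) + payload + bytes([sum(payload) & 0xFF])


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, edge-case byte, truncation or insertion."""
    data = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0 and data:                       # flip a single bit
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and data:                     # overwrite with an edge-case value
        i = rng.randrange(len(data))
        data[i] = rng.choice([0x00, 0x7F, 0x80, 0xFF])
    elif choice == 2 and len(data) > 1:            # truncate the buffer
        del data[rng.randrange(1, len(data)):]
    else:                                          # insert a random byte
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)


def classify(target, case: bytes) -> str:
    """The test oracle: decide whether a response is normal, an expected
    error, or a crash that needs investigation."""
    try:
        target(case)
        return "ok"
    except ValueError:
        return "error"                 # anticipated rejection: not a bug
    except Exception as exc:           # anything else is unanticipated
        return "crash:" + type(exc).__name__


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0) -> dict:
    """Run the mutation loop and collect counts plus the inputs that crashed."""
    rng = random.Random(rng_seed)      # fixed seed keeps a run reproducible
    results = {"ok": 0, "error": 0, "crash": 0, "crashes": []}
    for _ in range(iterations):
        case = mutate(seed, rng)
        verdict = classify(target, case)
        if verdict.startswith("crash:"):
            results["crash"] += 1
            results["crashes"].append((case, verdict))
        else:
            results[verdict] += 1
    return results


if __name__ == "__main__":
    seed = make_record(b"hello")
    summary = fuzz(parse_record, seed, iterations=2000)
    print({k: v for k, v in summary.items() if k != "crashes"})
    for case, verdict in summary["crashes"][:3]:
        print(verdict, case)
```

The classify function is where the "hard to define the right output" problem lives: the fuzzer does not know what the correct payload is, so it only judges whether the program's reaction is one the design anticipated. Every crashing input it records is then a bug candidate to triage, and only after that triage can one say whether the bug is exploitable and therefore a vulnerability.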