Dissertation
Dissertation > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer software > Program design,software engineering > Software Engineering > Software Development

The Design and Implemention of Fuzzing Tool

Author LiZongLei
Tutor Zhang
School Beijing University of Posts and Telecommunications
Course Cryptography
Keywords fuzzing Vulnerability discovery Regex Frame
CLC TP311.52
Type Master's thesis
Year 2010
Downloads 88
Quotes 1
Download Dissertation

With the deepening of social information , software security issues become increasingly prominent . A security vulnerability is a software fault mode . The existence of such vulnerability may be software provides easy to attack others . Once the software has been successful attack , the system may be paralyzed , the harm may be greater , therefore , such loopholes should be avoided . The To avoid software vulnerabilities are exploited by attackers before the software is released , its test is required , every effort should be made to find software bugs and vulnerabilities before posting . The real situation : a lot of software are not put through rigorous testing on the market . Fuzzing test is a very good vulnerability detection , automated testing methods . But the fuzzing test the effect , depends largely on its use of the test cases . Fuzzing tools to use relatively simple test case generation method is relatively simple . Regular expressions are a regular way of describing syntax , it is widely used in pattern matching , and the vast majority of programming languages ??are now some support . The paper proposes a novel usage of a regular expression - the regular expression is converted to the corresponding data . Because the regular expression is a description of the very strong , especially suitable for the definition and description of the various structured data . This paper gives such data can generate a complete definition of the expression , to be named \Meanwhile, the paper also achieved a given regular generative data converted into a program code . The design basis for this article is generated type papers and two Fuzzing test framework design and implementation , each frame of the test data are generated by a regular expression generation . These two frameworks is also highly scalable , a dynamic library plugin the paper interface requirements prepared in accordance with the extension , is prepared in accordance with the Python scripting interface requirements . Protocol aspects of the use of these two frameworks , the test can concentrate better the attention test target itself , the test data can be better designed , making it easier to find the test objectives vulnerability . Further papers using the above Fuzzing tool can be tested to the actual target software to obtain a very good experimental results .

Related Dissertations
More Dissertations