Skip to main content

Software Testing through Fuzzing

Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash.Fuzzing is  often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing technique is commonly used to test for security problems in software or computer systems ans also used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes.



There are two forms of fuzzing program; mutation-based and generation-based, which can be employed as white-, grey- or black-box testing. File formats and network protocols are the most common targets of testing, but any type of program input can

be fuzzed. Interesting inputs include environment variables, keyboard and mouse events, and sequences of API calls. Even items not normally considered "input" can be fuzzed, such as the contents of databases, shared memory, or the precise interleaving

of threads.

A fuzzer would try combinations of attacks on:
- numbers (signed/unsigned integers/float...)
- chars (urls, command-line inputs)
- metadata : user-input text (id3 tag)
- pure binary sequences
Fuzzing best work for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware,
some viruses, worms, Trojans and keyloggers.
Labels:

Comments

Post a Comment

Popular posts from this blog

Finding IP address using facebook!!!!!

If you want to check for ip address of particular person on facebook or orkut or any other social site just invite them for a chat, so that your browser should connect to that system, than only when chat is ON open command prompt type the below command Netstat –an This will show you the  connected ip addresses, than from shown ip addresses search for suspicious ip address that is not the local connection address. Local connections normally start from 192.168.1.1 ranging to 192.168.1.255 Other netstat commands: -a Displays all connections and listening ports. -e Displays Ethernet statistics. This may be combined with the -s option. -n Displays addresses and port numbers in numerical form. -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p op...
2 comments
Read more

SQL Injection ,Hacking PHP 4.4 sites in seconds

Today I am going to teach you how to hack a certain type of websites with very least efforts. Websites with PHP  4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and in just few steps you will access the admin's account of that website. Remember,this tutorial is applicable on PHP 4.4 machines with Apache running in parallel with them. Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be sued!!!. Also this tutorial is only for educational purpose. Here we go!!! Step 1 – Search for them Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.You can do this by searching inurl:adminlogin . Step 2 – Scan them Start by scanning them using Nmap ,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login. Now just login using port 2000 ie - ...
Post a Comment
Read more

How to create Bootable USB using Rufus

Rufus is a great software that allows you to create a bootable USB drive using an .ISO file.Its Ideal for installing programs and software on windows for whom CD drive are not available. In order to create a bootable USB drive you will need three things : 1 USB drive 2 Your .ISO file which you want to boot your USB with. 3. Rufus Let's get going!! STEP 1 First of all download Rufus , you can download it from their site -  https://rufus.akeo.ie/ Download the latest version (right now its Rufus 2.9). You don't need to install it , it runs directly STEP 2 : Inser the USB drive and open Rufus , make sure you take backup of all files in your USB drive because Rufus will format the USB before booting it. STEP 3: Once you have started Rufus check for all desired things. Make sure device field is set to the correct device(device that you want to boot i.e USB) Also Make Sure "Create a bootable disk " option is ticked else i...
Post a Comment
Read more