Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Does Fuzzing really work?

From: "Ian Melven" <ian.melven () gmail com>
Date: Wed, 27 Sep 2006 08:45:51 -0700
There's a lot of links to fuzzing papers, tools, and articles here.

http://www.threatmind.net/secwiki/FuzzingTools

There's an interesting talk scheduled for Ruincon at the end of
October on this I'm looking forward to also.

Ian

On 9/27/06, Charlie Miller <cmiller () securityevaluators com> wrote:

ergosum wrote:

Hi all,
      I'm with Halvar here,   it's not only a permutation of commands, but more
things are to be evaluated, possible combination of commands, that includes 2
by 2, 3 by 3, etc. Not only that, but possible payloads and timings to try to
uncover race conditions, etc. Much more than 12! as Halvar points out.

      Can someone send some interesting papers on fuzzing strategies? (Apart from
the ones from Dave which all of us know :) ). I would like to link this with
the thread about "Unknown Application Protocol Analysis", is there any
prototype that uses both concepts? Automatic protocol discovery an
subsequently fuzzing of it?

Cheers



Try GPF:

http://www.appliedsec.com/developers.html

Charlie
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: