Fuzzing is an effective method of finding vulnerabilities in programs and operating systems. The stated goal of this research project is to find vulnerabilities in operating systems, commonly used software, platform code, and server services. Fuzzing is the process of delivering generated test cases to a system and monitoring the system's state for faults (crashes, hangs, and other abnormal behaviour). Each fault, together with the test case that triggered it, is collected for analysis into possibly exploitable conditions or other security-related vulnerabilities. The typical finding from fuzzing is a memory corruption vulnerability.
- Make a list of possible target environments and applications to be tested.
- Analyze the chosen protocols or software for the specific attack surfaces that may be available.
- Read the protocol documentation and form the requirements for developing a data model.
- Write the complete data model and/or positive test cases for mutation.
- Fuzz the target ... wait for crashes!
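The steps above, carried through end to end as an added example (this is illustration code written for this page, not the project's own tooling). A small data model for a constructed count-prefixed TLV format generates positive test cases; a mutator derives malformed cases from them; a monitor delivers each case to the target and records a fault signature; faults and their triggering test cases are kept for later analysis. The target `parse_records` is a toy parser with a planted length-trust defect, so that a real fault population exists. In a real campaign the target is a native binary and the monitor watches for signals or sanitizer reports; here Python exceptions stand in for faults, and the signature (exception type plus the innermost frame) is the same kind of crash-site bucketing used to deduplicate native crashes.

```python
import random
import traceback
import hashlib

# --- Constructed target (assumed format for this example, not a real protocol) ---
# Message layout: [count:u8] then count records of [type:u8][len:u8][value:len bytes].
def parse_records(data: bytes) -> list:
    """Toy parser with a planted defect: it trusts the declared count and length."""
    count = data[0]
    records = []
    pos = 1
    for _ in range(count):
        rtype = data[pos]
        length = data[pos + 1]
        value = data[pos + 2 : pos + 2 + length]
        if rtype == 1:
            # Planted bug: indexes by the declared length, not the actual value size.
            _checksum = value[length - 1]
        pos += 2 + length
        records.append((rtype, value))
    return records

# --- Data model: generate positive (well-formed) test cases from the format rules ---
def generate_valid(rng: random.Random, max_records: int = 4) -> bytes:
    n = rng.randint(0, max_records)
    out = bytearray([n])
    for _ in range(n):
        rtype = rng.choice((1, 2, 3))
        value = bytes(rng.getrandbits(8) for _ in range(rng.randint(1, 8)))
        out += bytes([rtype, len(value)]) + value
    return bytes(out)

# --- Mutation: derive malformed cases from a positive seed ---
def mutate(rng: random.Random, seed: bytes) -> bytes:
    buf = bytearray(seed)
    if not buf:
        return bytes([rng.getrandbits(8)])
    op = rng.choice(("bitflip", "byte", "insert", "delete", "truncate", "interesting"))
    i = rng.randrange(len(buf))
    if op == "bitflip":
        buf[i] ^= 1 << rng.randrange(8)
    elif op == "byte":
        buf[i] = rng.getrandbits(8)
    elif op == "insert":
        buf.insert(i, rng.getrandbits(8))
    elif op == "delete":
        del buf[i]
    elif op == "truncate":
        del buf[i:]
    else:  # boundary values that commonly upset length and count fields
        buf[i] = rng.choice((0x00, 0x01, 0x7F, 0x80, 0xFF))
    return bytes(buf)

# --- Monitor: deliver one case, report a fault signature or None for a clean run ---
def run_case(case: bytes):
    try:
        parse_records(case)
    except Exception as exc:  # exceptions stand in for crashes in this toy harness
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return f"{type(exc).__name__}@{frame.name}:{frame.lineno}"
    return None

# --- Campaign: fuzz the target and collect faults with their triggering test cases ---
def fuzz(iterations: int = 2000, seed: int = 1) -> dict:
    rng = random.Random(seed)
    seeds = [generate_valid(rng) for _ in range(16)]
    assert all(run_case(s) is None for s in seeds), "positive cases must parse cleanly"
    faults = {}  # fault signature -> first test case that triggered it
    for _ in range(iterations):
        case = mutate(rng, rng.choice(seeds))
        sig = run_case(case)
        if sig is not None and sig not in faults:
            faults[sig] = case
    return faults

if __name__ == "__main__":
    for sig, case in fuzz().items():
        # Name each saved case by content hash so reruns do not duplicate files.
        print(f"{sig}  case={hashlib.sha256(case).hexdigest()[:12]}  {case.hex()}")
```

Each collected case should reproduce its fault when replayed on its own; that replay is the first triage step, and a case that does not reproduce points at nondeterminism in the target or the harness rather than at a bug.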