RuXXer [PPT]
Fuzz testing. The field of fuzzing originated with Barton Miller at the University of Wisconsin in 1988.
This early work includes not only the use of random unstructured testing, but also a systematic set of tools to evaluate a wide variety of software utilities on a variety of platforms, along with a systematic analysis of the kinds of errors that were exposed by this kind of testing. In addition, they provided public access to their tool source code, test procedures and raw result data. For the purpose of security, input that crosses a trust boundary is often the most interesting.[2] For example, it is more important to fuzz code that handles the upload of a file by any user than it is to fuzz the code that parses a configuration file that is accessible only to a privileged user. Fuzzing Frameworks - Pedram Amini. Fuzzing: Brute Force Vulnerability Discovery. Information Security Training. There are a plethora of fuzzers available nowadays that target everyday network protocols and file formats.
These fuzzers thoroughly iterate through their targeted protocols and files, and act as a valuable resource for stress testing as well. There are two genres of fuzzers; specialized and generic (aka ‘dumb’) fuzzers.
BFF - Basic Fuzzing Framework | Fuzzing.