Workshop Overview
Fuzzing is a buzzword today. Originating in academic projects, it has found its way into companies like Microsoft and McAfee and into the toolkits of many independent security researchers. It has become an essential part of the Security Development Lifecycle in these organizations and is known to find a high percentage of security issues compared to other techniques. Fuzzing is classified as a black-box software testing technique. Combined with some basic knowledge of the application's internals, gained from its manuals and other sources, it becomes a very powerful way of finding bugs. Although it is best known for finding security vulnerabilities, it is also very useful for finding unexpected behaviour in an application and for testing its error handling in general.
Workshop Pre-requisites
Some experience in any form of testing, and the patience to concentrate on learning new concepts.
Who Should Attend
The tutorial is meant for software testers, leads and managers with a fascination for security testing. It would help them think through the technical aspects of fuzzing and assess the usefulness of implementing it.
Workshop Contents
I. Introduction
• Defining Fuzzing
• Its relevance to testers
• History and Research done so far
• Fuzzing as an automated testing technique
• Existing tools and frameworks
II. Before we discuss fuzzing
• Generation and Mutation of Data
• Binary Data
• Packing
• Little Endian/Big Endian
• Data Formats: Network packets/File formats
• Tools (with demo)
• Hex Editors
• Network packet capturing - Ethereal
• Information gathering - Reconnaissance
• RegMon
• FileMon
• Process Explorer
• Which Programming Language is suitable?
III. Fuzzing Process (TIGEMA)
• Target Identification
• Input Vectors
• Generation
• Execution
• Monitoring
• Analysis
IV. Fuzzing types
• File fuzzing
• Registry fuzzing
• Web Application fuzzing
• Network Application fuzzing
• Browser fuzzing
V. Fuzz Heuristics
VI. Demo on Fuzzing tools
• API Fuzzer
• CLI Fuzzer
• Framework: A popular free/open-source fuzzing framework (e.g. Peach)
• Generic File Fuzzer: A popular free/open-source fuzzing tool (e.g. FileFuzz)
VII. Designing a fuzzing Framework/Tool
• Design Snapshot
• Design considerations
IX. Further steps
X. References and Conclusion
Exercises
The workshop will be interactive; participants will work on a common exercise that is revisited multiple times.
Demonstration
The workshop would demonstrate a custom fuzzing script and vulnerability analysis of a buffer overflow.
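As an added illustration of the TIGEMA loop outlined in section III and the data-mutation topics of section II (this is not the workshop's own demo script), the Python below mutates a constructed little-endian binary record, executes a constructed toy parser in-process, monitors for unexpected exceptions and buckets them for analysis. The record layout, the `parse_record` target and the three mutation strategies are assumptions made for this example; a real run would execute the target as a separate process and monitor it with tools such as those listed in section II.

```python
import random
import struct
import traceback

# Constructed toy target (not the workshop's demo script): a little-endian record
# of "count:u16" followed by count u32 values. It rejects obviously short input
# with ValueError but trusts `count`, so bad counts surface as struct.error.
def parse_record(data: bytes) -> list:
    if len(data) < 2:
        raise ValueError("record too short")
    count = struct.unpack_from("<H", data, 0)[0]
    return [struct.unpack_from("<I", data, 2 + 4 * i)[0] for i in range(count)]

SEED = struct.pack("<H", 3) + struct.pack("<III", 1, 2, 3)  # constructed valid input
INTERESTING = [0, 1, 0x7F, 0x80, 0xFF, 0x7FFF, 0xFFFF, 0x7FFFFFFF, 0xFFFFFFFF]

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Generation step: apply one random mutation to the seed."""
    data = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:  # flip a single bit
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif choice == 1:  # overwrite with a boundary integer in a random width/endianness
        fmt = rng.choice(["<H", ">H", "<I", ">I"])
        value = rng.choice(INTERESTING) & (0xFFFF if fmt.endswith("H") else 0xFFFFFFFF)
        pos = rng.randrange(len(data))
        packed = struct.pack(fmt, value)
        data[pos:pos + len(packed)] = packed  # may grow the buffer past its old end
    else:  # truncate at a random offset
        del data[rng.randrange(len(data)):]
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    """Execution, monitoring and analysis: {(exception name, line): first reproducer}."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue  # the expected, handled rejection path
        except Exception as exc:  # anything else is an unexpected failure
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            findings.setdefault((type(exc).__name__, frame.lineno), case)
    return findings

if __name__ == "__main__":
    for bucket, case in fuzz(parse_record, SEED, 500).items():
        print(bucket, case.hex())  # one reproducing input per crash bucket
```

Every bucket the loop reports here is a struct.error escaping from the untrusted `count`, which is exactly the class of error-handling gap the overview says fuzzing is good at exposing.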
Participant Take Away
Participants will learn an automated testing technique known to find a high percentage of the vulnerabilities reported.
Rahul Verma is QA Tech Lead for the Casper Core team at McAfee India. With 7 years of experience in the industry, he has explored the areas of security testing, large-scale performance testing and database migration projects. He is a core member of the McAfee Global Performance Testing Team and a Python trainer in the McAfee Automation Club. Rahul has presented at several conferences, organizations and academic institutions including CONQUEST-2009 (Germany), STeP-IN, ISQT, TEST2008, IIT Madras, Yahoo, BWST-1 and STIG. His recent presentations were on the subjects of Fuzzing, Buffer Overflow Exploitation, Python, Performance Engineering COE, Web Application Security and User Behavior & Performance Perception Analysis (UBPPA). He is a member of the Indian Testing Board and is one of the authors of the ISTQB Foundation syllabus (2009). He received the Testing Thought Leadership Award at the TEST2008 conference for his website www.testingperspective.com, along with the Best Innovative Paper Award for his paper on the design of Fuzzing Frameworks.