Fuzz Testing – an effective technique for detecting unidentified security breaches
In this increasingly inter-networked world, security testing has become an essential component of the development process. Fuzz Testing has proven to be an effective technique for detecting unidentified security breaches (0-day vulnerabilities). Using this test method, the interfaces of the system that is undergoing testing are faced with nonstandard and unexpected inputs in a variety of ways in order to test their
Random Fuzzing is the easiest way to find security breaches. However, due to the complexity of the input parameter space, it does not offer a sufficient level of efficiency to test the system comprehensively. Smart Fuzzing uses models of your interfaces, protocols or services to generate test cases, thus reducing the large number of test cases to only the most relevant and allowing complex errors to be discovered more easily. Smart Fuzzing is therefore considerably more efficient when compared with simple Fuzzing techniques.
We develop Smart Fuzzing heuristics both for Data Fuzzing (based on Fuzzino) as well as for Behavioural Fuzzing, which are tailored specially to your interfaces, protocols and services. For this, we use system models. However, even if these are not available, we can use functional test cases or system traces and therefore reduce the initial barriers. By using additional information from a risk analysis, the test process becomes considerably more efficient.
Our process is based on an analysis of the system that is to be fuzzed as well as, ideally, on a risk analysis. On the basis of these results, suitable Fuzzing heuristics will be chosen and new ones will be developed. The next step is choosing and, if necessary, annotating suitable test scenarios from which the robustness or security test cases will then be automatically generated. Using the example of an industry partner's banknote processing system, we have created a risk analysis together with system experts and examined its protocol for possible weaknesses with the help of functional test cases. Based on these functional test cases and with the help of the risk analysis, suitable test cases were chosen and specific security tests generated from these. Both Data and Behavioural Fuzzing were used for this purpose. Thanks to an optimised runtime environment, a high coverage of risks could therefore be achieved in a more reasonable time. The results of this can be found on the DIAMONDS project website.
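The following is an added illustration of the two ideas above: Random Fuzzing versus Smart Data Fuzzing and Behavioural Fuzzing, and the process of turning a functional test case plus a risk analysis into a set of security tests. It is example code written for this page, not Fuzzino's implementation nor the DIAMONDS case study. The wire format (a 1-byte type, a 2-byte big-endian length and a payload), the three-message functional test case and the risk weights per message type are all constructed for the example.

```python
import random
import re
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed toy protocol for this example only: each message on the wire is
#   TYPE (1 byte) | LEN (2 bytes, big-endian, length of PAYLOAD) | PAYLOAD.
@dataclass(frozen=True)
class Message:
    mtype: int
    payload: bytes

    def encode(self, declared_len: Optional[int] = None) -> bytes:
        # declared_len lets a heuristic make the length field disagree with the payload.
        length = len(self.payload) if declared_len is None else declared_len
        return struct.pack(">BH", self.mtype, length & 0xFFFF) + self.payload

# A functional test case reused as the fuzzing seed: login, transfer, logout (constructed).
FUNCTIONAL_CASE: List[Message] = [
    Message(0x01, b"user=alice;pw=secret"),
    Message(0x02, b"to=bob;amount=100"),
    Message(0x03, b""),
]

# Hypothetical outcome of a risk analysis: weight per message type, higher = more critical.
RISK_WEIGHTS: Dict[int, int] = {0x01: 3, 0x02: 5, 0x03: 1}


def random_fuzz(msg: Message, count: int, seed: int = 0) -> List[bytes]:
    """Random Fuzzing: replace the payload with arbitrary bytes of arbitrary length.
    Cheap to generate, but most outputs exercise only the first parsing step."""
    rng = random.Random(seed)
    out = []
    for _ in range(count):
        size = rng.randint(0, 64)
        out.append(Message(msg.mtype, bytes(rng.getrandbits(8) for _ in range(size))).encode())
    return out


def data_fuzz(msg: Message) -> List[bytes]:
    """Smart Data Fuzzing: a fixed set of heuristics, each aimed at one bug class,
    applied to a single message of the functional test case."""
    p = msg.payload
    return [
        Message(msg.mtype, b"").encode(),                         # empty payload
        Message(msg.mtype, p * 200).encode(),                      # overlong payload (buffer handling)
        Message(msg.mtype, p).encode(declared_len=0xFFFF),         # length field larger than payload
        Message(msg.mtype, p).encode(declared_len=0),              # length field smaller than payload
        Message(msg.mtype, p + b"\x00" + p).encode(),              # embedded NUL (string termination)
        Message(msg.mtype, p.replace(b"=", b"=%s%n")).encode(),    # format-string tokens in values
        Message(msg.mtype, re.sub(rb"\d+", b"-2147483648", p)).encode(),  # numeric boundary value
    ]


def behaviour_fuzz(seq: List[Message]) -> List[List[Message]]:
    """Behavioural Fuzzing: every message stays well-formed, only the order is broken."""
    variants: List[List[Message]] = []
    for i in range(len(seq)):
        variants.append(seq[:i] + seq[i + 1:])    # drop message i
        variants.append(seq[:i + 1] + seq[i:])    # repeat message i
    for i in range(len(seq) - 1):
        swapped = list(seq)
        swapped[i], swapped[i + 1] = swapped[i + 1], swapped[i]
        variants.append(swapped)                   # swap two neighbouring messages
    return variants


def generate_tests(seq: List[Message], weights: Dict[int, int], budget: int) -> List[List[bytes]]:
    """Select and generate security tests from a functional case: a message with a higher
    risk weight receives proportionally more of the data-fuzzing budget, and every
    behavioural variant is appended as a complete encoded sequence."""
    tests: List[List[bytes]] = []
    total = sum(weights.get(m.mtype, 1) for m in seq)
    for idx, msg in enumerate(seq):
        share = max(1, round(budget * weights.get(msg.mtype, 1) / total))
        for variant in data_fuzz(msg)[:share]:
            encoded = [m.encode() for m in seq]
            encoded[idx] = variant                 # one fuzzed message inside an otherwise valid run
            tests.append(encoded)
    for variant in behaviour_fuzz(seq):
        tests.append([m.encode() for m in variant])
    return tests


if __name__ == "__main__":
    for t in generate_tests(FUNCTIONAL_CASE, RISK_WEIGHTS, budget=9):
        print([m.hex() for m in t])
```

With a budget of 9 the transfer message (weight 5) receives five data-fuzzing variants, the login message three and the logout message one, so the most critical interface is exercised most; the eight behavioural variants then cover dropped, repeated and reordered messages. The `random_fuzz` baseline is kept for comparison: it produces syntactically valid frames too, but without any notion of which fields or sequences matter.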
"Fuzzino", our basic solution for Fuzzing, has already been used by various tool suppliers, including Dornier Consulting and TestingTechnologies. With do.ATOMS, Dornier Consulting offers a test tool for model-based functional tests. With the help of Fuzzino, both security tests and functional tests can be carried out with Fuzzing using the same tool. TestingTechnologies' TTworkbench has also already been prepared for Fuzzing and the newest version offers a TTCN-3 language extension, with the help of which functional test suites can easily be reused for Fuzzing, supported by Fuzzino.
- Preparation and implementation of security and robustness tests on your product with Fuzzing
- Analysis of product-specific interfaces, protocols, and services and the development of individual Fuzzing heuristics
- Support with the implementation of Fuzz Testing into your test process and your test tools with the help of Fuzzino
- IT security risk analysis