Using Fuzzing to Detect Security Vulnerabilities

By | December 7, 2006

Most computer system intrusions are the result of security vulnerabilities in applications. Detecting and identifying security vulnerabilities is therefore of interest not only to security experts and system administrators, but also to intruders attempting to penetrate computer systems.

Once a new security vulnerability is detected, exploits for it can be created and intruders can penetrate a large number of systems on the Internet. This is a significant threat to all information system users.

There are several methods used to find new security vulnerabilities: source code analysis, binary file analysis (static and dynamic, i.e. runtime, analysis), runtime analysis of API functions, fuzzing (fault injection), and hybrid methods (various combinations of the above).

Although all of the methods listed above can lead to the detection of new security vulnerabilities, some are preferable because they are faster and make detection simpler. In the last couple of years, special attention has been given to the technique called fuzzing. This method allows relatively fast detection of critical security vulnerabilities in a wide range of applications.

Critical security vulnerabilities are usually variations of buffer overflows, which allow an unauthorized user to overwrite critical parts of a vulnerable process's memory. The result of exploiting such a vulnerability is usually the execution of shellcode, specially written code that the unauthorized user injects into the process in order to gain access to the target system.

The fuzzing method is based on the fault injection technique: by sending varied input data to the target application, it tries to trigger a security vulnerability. When using this technique it is important to alter the input data so that a security vulnerability can be detected while the data still passes the target application's sanity checks. Fuzzing methods are usually applied to server and client applications, file parsers, SUID applications, etc. Generally, any application that parses user-supplied data can be subjected to fuzzing in order to detect security vulnerabilities.
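To make the approach concrete, here is an added example (not from the paper) of a minimal mutation fuzzer in Python run against a constructed toy message format: the mutator alters the payload and then recomputes the length prefix and checksum so that every test case still passes the target's sanity checks, and the harness treats any exception other than a clean rejection as a crash worth investigating. The format, both parsers (one with a missing bounds check, one hardened) and the harness are assumptions constructed for illustration.

```python
import random

# Constructed toy format (not a real protocol): 4-byte big-endian payload length, payload,
# 1-byte checksum (sum of payload bytes mod 256). Payload = 1-byte field count followed
# by that many 2-byte big-endian fields.
def checksum(payload):
    return sum(payload) % 256
def encode(payload):
    return len(payload).to_bytes(4, "big") + payload + bytes([checksum(payload)])
def sanity_check(msg):
    """The target's input validation: length prefix and checksum must match."""
    if len(msg) < 5:
        raise ValueError("too short")
    n, payload = int.from_bytes(msg[:4], "big"), msg[4:-1]
    if len(payload) != n or msg[-1] != checksum(payload):
        raise ValueError("bad length or checksum")
    return payload

def parse_vulnerable(msg):
    """Trusts the field count without checking it against the payload size."""
    payload = sanity_check(msg)
    return [(payload[1 + 2 * i] << 8) | payload[2 + 2 * i] for i in range(payload[0])]
def parse_hardened(msg):
    """Same parser with the missing bounds check added."""
    payload = sanity_check(msg)
    if not payload or len(payload) != 1 + 2 * payload[0]:
        raise ValueError("field count does not match payload length")
    return [(payload[1 + 2 * i] << 8) | payload[2 + 2 * i] for i in range(payload[0])]

def mutate(payload, rng):
    """Mutate the payload, then re-encode so the result still passes sanity_check."""
    data = bytearray(payload)
    op = rng.randrange(3)
    if op == 0 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)  # overwrite one byte
    elif op == 1:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))  # insert a byte
    elif data:
        del data[rng.randrange(len(data)):]  # truncate
    return encode(bytes(data))
def fuzz(parser, seed_payload, iterations, rng_seed=1):
    """ValueError means the target rejected the input cleanly; anything else is a crash."""
    rng, crashes = random.Random(rng_seed), []
    for _ in range(iterations):
        msg = mutate(seed_payload, rng)
        try:
            parser(msg)
        except ValueError:
            continue
        except Exception as exc:
            crashes.append((msg, repr(exc)))
    return crashes
```

Running `fuzz(parse_vulnerable, bytes([2, 0, 1, 0, 2]), 2000)` returns the crashing messages with their exceptions, while the same run against `parse_hardened` returns an empty list, which is the signal that the bounds check closed the bug.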
