1
Q
How does fuzzing work?
A
Check for software vulnerabilities through dynamic testing:
- automatically generate so-called fuzz test cases
- monitor target program for security-related bugs
2
Q
Name the three different classes of fuzzing
A
- black-box fuzzing: check if a fuzz test crashed the target program
- white-box fuzzing: use heavyweight program and runtime analysis
- grey-box fuzzing: use lightweight analysis techniques such as code coverage
3
Q
What different input generation techniques are there?
A
- Random generation
- Model-based input generation (either predefined or inferred model: specification mining)
- Mutation-based Input Generation (start with initial kernel of valid seed inputs, use mutation operators: bit-flipping, arithmetic / block-based dictionary based, crossover)
4
Q
How does execution monitoring work?
A
When does a fuzz test violate security policy?
- termination with a fatal signal
- many memory errors automatically detected by OS
- sanitizers can find more errors: address sanitizers, UB sanitizers, thread sanitizers
SecEng
flashcards
Decks in class (20)
# Cards
-
Introduction and Fundamentals5
-
Security Principles13
-
Security, Usability, Psychology23
-
Threat Modeling16
-
Web Application Security7
-
System-Level Security: Buffer Overflows1
-
Mobile Application Security7
-
Obfuscation27
-
Software-based Integrity Protection27
-
Hardware-based Integrity Protection9
-
Side-channel Attacks9
-
Privacy Enhancing Technologies13
-
Misconfiguration4
-
Intrusion Detection7
-
Fuzzing4
-
Malware15
-
Pentesting6
-
More on Passwords3
-
Incident Response3
-
Risk analysis6
