Fuzzing and Vulnerability Detection
Fuzzing as a dynamic and automated testing approach in vulnerability detection has become an essential instrument to investigate security and robustness of software and hardware systems.
Katinka Prikryl, 2023
Bachelor Thesis, FHNW Fachhochschule Nordwestschweiz
Betreuende Dozierende: Christopher Scherb
Keywords: Fuzzing, Vulnerability Detection, Cyber Security, Software Testing
Views: 16 - Downloads: 2
As the complexity and interconnection of systems and software functionality continue to grow so does the risk of potential vulnerabilities that could be exploited by malicious actors.
Fuzzing is a powerful approach to address this issue by systematically injecting unexpected or invalid input into a target program to uncover well-hidden vulnerabilities and trigger abnormal behaviour. By monitoring the target program during this process and analysing resulting crashes and unexpected output, fuzzing can reveal previously unknown security weaknesses.
This bachelor thesis explores the theory, different approaches, benefits, and experimental practice of fuzzing in the context of vulnerability detection. The study delves into various fuzzing techniques, input generation methods and AFL++, a tool specifically designed for fuzz testing. AFL++ is introduced and used to examine different approaches in three different test cases. Potential findings such as crashes and unforeseen behaviour as well as other metrics are used as indicators to compare the effectiveness of different approaches, highlighting the severity of the findings as well as strengths and limitations in the fuzzing process. Furthermore, this thesis explores possible ways of crash exploration and illustrates what crash analysis and vulnerability detection could look like as well as how an assessment about exploitability could be initiated.
Studiengang: Wirtschaftsinformatik (Bachelor)
Fachbereich der Arbeit: