Fuzzing and Vulnerability Detection

Fuzzing as a dynamic and automated testing approach in vulnerability detection has become an essential instrument to investigate security and robustness of software and hardware systems.

Prikryl, Katinka, 2023

Art der Arbeit Bachelor Thesis
Auftraggebende Fachhochschule Nordwestschweiz FHNW
Betreuende Dozierende Scherb, Christopher
Keywords Fuzzing, Vulnerability Detection, Cyber Security, Software Testing
Views: 92 - Downloads: 11
As the complexity and interconnection of systems and software functionality continue to grow so does the risk of potential vulnerabilities that could be exploited by malicious actors.
Fuzzing is a powerful approach to address this issue by systematically injecting unexpected or invalid input into a target program to uncover well-hidden vulnerabilities and trigger abnormal behaviour. By monitoring the target program during this process and analysing resulting crashes and unexpected output, fuzzing can reveal previously unknown security weaknesses.
This bachelor thesis explores the theory, different approaches, benefits, and experimental practice of fuzzing in the context of vulnerability detection. The study delves into various fuzzing techniques, input generation methods and AFL++, a tool specifically designed for fuzz testing. AFL++ is introduced and used to examine different approaches in three different test cases. Potential findings such as crashes and unforeseen behaviour as well as other metrics are used as indicators to compare the effectiveness of different approaches, highlighting the severity of the findings as well as strengths and limitations in the fuzzing process. Furthermore, this thesis explores possible ways of crash exploration and illustrates what crash analysis and vulnerability detection could look like as well as how an assessment about exploitability could be initiated.
Studiengang: Wirtschaftsinformatik (Bachelor)
Vertraulichkeit: öffentlich
Art der Arbeit
Bachelor Thesis
Auftraggebende
Fachhochschule Nordwestschweiz FHNW, Basel
Autorinnen und Autoren
Prikryl, Katinka
Betreuende Dozierende
Scherb, Christopher
Publikationsjahr
2023
Sprache der Arbeit
Englisch
Vertraulichkeit
öffentlich
Studiengang
Wirtschaftsinformatik (Bachelor)
Standort Studiengang
Olten
Keywords
Fuzzing, Vulnerability Detection, Cyber Security, Software Testing