What does Fuzzing do?
It repeatedly executes a unit under test with all kinds of input variants with the goal of finding bugs
-> Doesn’t generate false positives but may miss bugs
What does fuzzing require and provide?
Requires:
Test automation - the ability to execute tests automatically
Each test to run fast and the state to be reset after each test execution
Provides:
Concrete inputs - that can be used to reproduce and examine bugs
What is Blackbox fuzzing?
Randomly mutates inputs to the unit under test
Tests the unit under test with these inputs
What are the pros and cons of Blackbox Fuzzing?
Pros:
Very efficient
Cons:
Crucially depends on a diverse set of well-formed seed inputs
Very ineffective in exploring new paths
What are the Pros and Cons of Whitebox Fuzzing?
Pros:
Very effective in exploring new paths
Does not crucially depend on a diverse set of well-formed seed inputs
Cons:
Very inefficient
How does Graybox Fuzzing work?
-> Inputs are still mutated randomly
What is the cost expression for taking the ELSE branch for if (a < b)?
Cost expression for taking the ELSE branch of if (a < b):
C = (b - a)
(The cost of taking the else branch when current path is taking the then branch)
What is the Cost Expression for taking the THEN branch of if (a < b)?
The Cost Expression for taking the THEN branch of if (a < b):
C = (a - (b - 1))
(The cost of taking the then branch when current path is taking the else branch)
Which inputs are used in the test suite and which discarded?
Test cases are only taken into the test suite if they explore new paths
-> otherwise they are discarded
What is the formula for linear interpolation?
How do you apply fuzzing with prediction using the linear cost function?
Set the cost C(x) function to zero and solve it for x
Use the new value of x for a new test case based on the given values