- Tài khoản và mật khẩu chỉ cung cấp cho sinh viên, giảng viên, cán bộ của TRƯỜNG ĐẠI HỌC FPT
- Hướng dẫn sử dụng:
Xem Video
.
- Danh mục tài liệu mới:
Tại đây
.
-
Đăng nhập
:
Tại đây
.
Fuzzing (also called fuzz testing) is a type of black box testing that submits random data as inputs into software programs to determine if they will crash. A program that crashes when receiving malformed or unexpected input is likely to suffer from a boundary checking issue, and may be prone to a buffer overflow attack. It was pioneered in the late 1980s by Barton Miller at the University of Wisconsin. Since then, fuzzing has been proven to be an effective technique for finding vulnerabilities in software. While the first fuzz testing methods were completely focus on randomly generated test data (random fuzzing), advances in symbolic computation, model-based testing, as well as dynamic test case generation have lead to more advanced fuzzing techniques such as mutation-based fuzzing, generation-based fuzzing, or gray-box fuzzing.1 American Fuzzy Lop developed by Michal Zalewski has a revolutionary step to make fuzzer smart, go deeper into software. However, many problems of smart fuzzer still exist when it meets modern software like input mutation, closed-source program, environment dependencies, optimize hardware resource , etc. In our project, we want to build a system that automatically deploys fuzzers, optimizing resource usage by using available cloud computing. After four months of researching and developing, we have created a system that allows users perform fuzz testing a closed-program on Windows platform, scale the performance linear with a number of fuzzers machine using cloud Vultr instance and providing a friendly web interface and a web api system for integrating with modern systems.