Doctoral research project number: 8039

Description

Submission date: 11 February 2021
Title: Advanced vulnerability discovery through fuzzing
Thesis supervisor: Davide BALZAROTTI (Eurecom)
Scientific field: Information and communication sciences and technologies
CNRS theme: Not defined

Abstract: Fuzz Testing, or Fuzzing, is a family of software testing techniques for finding security vulnerabilities by repeatedly providing the program under test with generated inputs, usually unexpected or invalid ones. The program is monitored for faults, such as crashes or assertion errors, and inputs that trigger faults are reported to the user. Almost all software that expects some kind of input can be tested using Fuzzing, but the setup can be difficult for programs with complex input mechanisms, such as stateful servers that expect a request-response pattern. For applications that take inputs in standard ways, such as reading from a file, a fuzzer is easy to use and almost automatic. In the last 20 years, fuzzers have become a key asset for security researchers, who either launch them and wait for shallow bugs while doing other tasks (naive fuzzing) or build custom optimized fuzzers for each application to uncover deep bugs.

Doctoral student: Fioraldi Andrea