Fuzzing Review and Test Case Prioritization Strategies

Slide Note

Fuzzing is an effective method for generating additional test cases in software analysis. Various strategies can be used to prioritize which test case to run next, such as code coverage-based prioritization, input diversity prioritization, and impact analysis prioritization.

indiana Follow

Uploaded on May 17, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

EXERCISE #29 FUZZING REVIEW Write your name and answer the following on a piece of paper In fuzzing, it is easy to generate additional test cases for an analysis target. What are some of the strategies for prioritizing which test case to run next? 1

ADMINISTRIVIA AND ANNOUNCEMENTS

SYMBOLIC EXECUTION EECS 677: Software Security Evaluation Drew Davidson

4 WHERE WE RE AT DYNAMIC ANALYSIS Generating test cases

5 PREVIOUSLY: FUZZING OUTLINE / OVERVIEW GENERATING RANDOMTESTCASES Surprisingly effective in practice Main challenge is exploring new behavior The random fuzz of white noise

6 RESEARCH DIRECTION: GUNKING FUZZING FUZZINGASADVERSARIALRECON Fuzzing is so good at finding bugs that even the bad guys do it PERHAPSAPROGRAMSHOULDDEPLOY ANTI-FUZZINGTECH What would that look like?