On Sun, Apr 06, 2014 at 08:26:41PM +0200, Meredith L. Patterson wrote:
> Oh, that's clever. I'd been headed down the symbolic-execution path for
> X.509 parse tree differentials, but GA fuzzing bred from real-world certs
> and synthetic cert parts is both hilarious and clearly effective. I wonder
> if we should invite them for an afternoon presentation, if they'll be
> around in time.
On the off chance you didn't already know this, mutation and recombination of valid inputs are pretty much the standard "dumb" fuzzing technique these days. 5 lines of python for the former:
http://fuzzinginfo.files.wordpress.com/2012/05/cmiller-csw-2010.pdf

There's a reasonable book on the subject that has sat unopened on my desk but has pointers to lots of tools:
http://www.fuzzing.org/

The main difficulty seems to be in setting up the test harness and configuring a (private?) cloud of (presumably Linux) boxes to run it.

Microsoft seems enthusiastic:
http://research.microsoft.com/pubs/121494/paper.pdf

Codenomicon has Testing as a Service:
http://www.codenomicon.com/news/press-releases/2012-01-24.shtml

And they found a prior TLS bug that way:
http://www.codenomicon.com/news/press-releases/2012-05-11.shtml

-- 
http://www.subspacefield.org/~travis/
Remediating... like a BOSS.
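The "dumb" mutation and recombination of valid inputs that the message describes, written out as an added example (not code from the thread, the linked slides, or any tool named there). The seed corpus is a constructed pair of DER-like tag/length/value records standing in for real-world inputs, and parse_tlv is a toy parser under test; the harness treats a clean ValueError as the parser doing its job and anything else escaping as a finding.

```python
import random

# Constructed seed corpus standing in for "real-world valid inputs": hand-built
# DER-like tag/length/value records, not real certificates.
SEED_CORPUS = [
    bytes.fromhex("020101020102"),  # INTEGER 1, INTEGER 2
    bytes.fromhex("0403616263"),    # OCTET STRING "abc"
]

def mutate(data, rng, max_flips=4):
    """Dumb mutation: XOR a few random bytes with random non-zero values."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, max_flips) if buf else 0):
        buf[rng.randrange(len(buf))] ^= rng.randint(1, 255)
    return bytes(buf)

def recombine(a, b, rng):
    """Recombination: splice a prefix of one valid input onto a suffix of another."""
    return a[: rng.randint(0, len(a))] + b[rng.randint(0, len(b)):]

def parse_tlv(data):
    """Toy parser under test: malformed input must surface as ValueError only."""
    items, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] & 0x80:
            raise ValueError("truncated or long-form header")
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")
        items.append((tag, value))
        pos += 2 + length
    return items

def run_campaign(target, corpus, iterations, seed):
    """Breed cases by mutation or recombination; triage how the target reacts."""
    rng = random.Random(seed)  # fixed seed makes every finding reproducible
    stats, crashes = {"accepted": 0, "rejected": 0, "crashed": 0}, []
    for _ in range(iterations):
        if rng.random() < 0.5:
            case = mutate(rng.choice(corpus), rng)
        else:
            case = recombine(*rng.sample(corpus, 2), rng)
        try:
            target(case)
            stats["accepted"] += 1
        except ValueError:
            stats["rejected"] += 1  # clean rejection: the parser did its job
        except Exception as exc:    # anything else escaping is a finding
            stats["crashed"] += 1
            crashes.append((case, repr(exc)))
    return stats, crashes
```

Swapping parse_tlv for a real parser (or two parsers compared against each other) and growing the corpus is all that separates this from the harness-and-boxes setup the message calls the hard part.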
_______________________________________________
langsec-discuss mailing list
[email protected]
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
