University of Oulu

Test harness for web browser fuzz testing

Saved in:
Author: Kettunen, Atte1
Organizations: 1University of Oulu, Faculty of Information Technology and Electrical Engineering, Department of Computer Science and Engineering, Computer Science and Engineering
Format: ebook
Version: published version
Access: open
Online Access: PDF Full Text (PDF, 0.8 MB)
Persistent link: http://urn.fi/URN:NBN:fi:oulu-201504161396
Language: English
Published: Oulu : A. Kettunen, 2014
Publish Date: 2015-04-20
Physical Description: 45 p.
Thesis type: Master's thesis (tech)
Tutor: Röning, Juha
Reviewer: Röning, Juha
Schaberreiter, Thomas
Description:
Modern web browsers are feature rich software applications available for different platforms ranging from home computers to mobile phones and modern TVs. Because of this variety, the security testing of web browsers is a diverse field of research. Typical publicly available tools for browser security testing are fuzz test case generators designed to target a single feature of a browser on a single platform. This work introduces a cross-platform testing harness for browser fuzz testing, called NodeFuzz. In the design of NodeFuzz, test case generators and instrumentation are separated from the core into separate modules. This allows the user to implement feature specific test case generators and platform specific instrumentations, and to execute those in different combinations. During development, NodeFuzz was tested with ten different test case generators and six different instrumentation modules. Over 50 vulnerabilities were uncovered from the tested web browsers during the development and testing of NodeFuzz.
see all

Subjects:
Copyright information: © Atte Kettunen, 2014. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.