Test harness for web browser fuzz testing
Kettunen, Atte (2014-11-28)
Kettunen, Atte
A. Kettunen
28.11.2014
© 2014 Atte Kettunen. Tämä Kohde on tekijänoikeuden ja/tai lähioikeuksien suojaama. Voit käyttää Kohdetta käyttöösi sovellettavan tekijänoikeutta ja lähioikeuksia koskevan lainsäädännön sallimilla tavoilla. Muunlaista käyttöä varten tarvitset oikeudenhaltijoiden luvan.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:oulu-201504161396
https://urn.fi/URN:NBN:fi:oulu-201504161396
Tiivistelmä
Modern web browsers are feature rich software applications available for different platforms ranging from home computers to mobile phones and modern TVs. Because of this variety, the security testing of web browsers is a diverse field of research. Typical publicly available tools for browser security testing are fuzz test case generators designed to target a single feature of a browser on a single platform. This work introduces a cross-platform testing harness for browser fuzz testing, called NodeFuzz. In the design of NodeFuzz, test case generators and instrumentation are separated from the core into separate modules. This allows the user to implement feature specific test case generators and platform specific instrumentations, and to execute those in different combinations. During development, NodeFuzz was tested with ten different test case generators and six different instrumentation modules. Over 50 vulnerabilities were uncovered from the tested web browsers during the development and testing of NodeFuzz.
Kokoelmat
- Avoin saatavuus [31995]