Test harness for web browser fuzz testing
1University of Oulu, Faculty of Information Technology and Electrical Engineering, Department of Computer Science and Engineering, Computer Science and Engineering
|Online Access:||PDF Full Text (PDF, 0.8 MB)|
|Persistent link:|| http://urn.fi/URN:NBN:fi:oulu-201504161396
|Publish Date:|| 2015-04-20
|Thesis type:||Master's thesis (tech)
Modern web browsers are feature rich software applications available for different platforms ranging from home computers to mobile phones and modern TVs. Because of this variety, the security testing of web browsers is a diverse field of research. Typical publicly available tools for browser security testing are fuzz test case generators designed to target a single feature of a browser on a single platform. This work introduces a cross-platform testing harness for browser fuzz testing, called NodeFuzz. In the design of NodeFuzz, test case generators and instrumentation are separated from the core into separate modules. This allows the user to implement feature specific test case generators and platform specific instrumentations, and to execute those in different combinations. During development, NodeFuzz was tested with ten different test case generators and six different instrumentation modules. Over 50 vulnerabilities were uncovered from the tested web browsers during the development and testing of NodeFuzz.
© Atte Kettunen, 2014. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.