Fuzz Testing

[Audio] Hey everyone my name is Robert, and I am here today to make a presentation about Fuzz Testing..

Table of Contents. Introduction Uses of Fuzz Testing Pros and Cons Types of Fuzzers Fuzz Testing Tools Steps to Successful Fuzz Testing Fuzz Testing in the Automotive Industry Common Challenges Conclusion.

[Audio] What is Fuzz Testing, Put simply, fuzzing introduces unexpected inputs into a system and watches to see if the system has any negative reactions to the inputs that indicate security, performance, or quality gaps or issues. Barton Miller, a professor at the University of Wisconsin, invented fuzz testing in 1989..

[Audio] Why do Fuzz Testing Usually, Fuzzy testing finds the most serious security fault or defect. Fuzz testing is used to check the Vulnerability of software. Fuzzing is one of the most common methods hackers used to find the vulnerability of the system..

[Audio] The advantages of Fuzz Testing include: Fuzz testing improves software Security Testing. If any of the bugs fail to get noticed by the testers due to the limitation of time and resources those bugs are also found in Fuzz testing. Presents results with little attempt - as soon as a fuzzer is up and strolling, it may be left for hours, days, or months to search for bugs without an interaction. The disadvantages of Fuzz Testing include: Fuzz testing alone cannot provide a complete picture of an overall security threat or bugs. To perform effectively, it will require significant time..

[Audio] Fuzzers that modify existing data samples to produce new test data are known as mutation-based fuzzers. Generation-Based Fuzzers create new data based on the model's input. It starts from the beginning, producing input depending on the requirements. The most successful fuzzer is PROTOCOL-BASED- FUZZER, which has extensive knowledge of the protocol format being tested..

[Audio] A fuzzing tool injects these inputs into the system and then monitors for exceptions such as crashes or information leakage. Burp Suite, Peach Fuzzer, Spike Proxy, Webscarab, and other online security tools may be utilized extensively in fuzz testing..

[Audio] Steps to Successful Fuzz Testing Step 1) Identifying the target system Step 2) Identifying inputs Step 3) Generating Fuzzed data Step 4) Executing the test using fuzzy data Step 5) Monitoring the system behavior Step 6) Logging defects.

[Audio] With each passing year, vehicles emerge as greater complicated and linked. International data corporation predicts that via 2023, almost 70% of worldwide new light-duty cars and trucks may have embedded connectivity. While this connectivity provides consumers the comfort they demand, it will increase the automobile's attack floor – USB connections, linked entertainment, navigation systems, and wireless systems. This makes car cybersecurity testing even more crucial to prevent criminals from stealing the automobile and compromising automobile systems, privateness, and safety of occupants..

[Audio] The following are the common challenges when fuzz testing: Where to start fuzzing? How to fuzz complex systems with dependencies? The dependencies within the automobile software make it difficult for builders to fuzz the programs nicely and the guide attempt remains very high How to integrate fuzz testing into the CI/ CD? Developers, safety specialists, and managers must be on the identical page about the consequences of these modifications and the way they affect certain methods..

[Audio] In conclusion, Fuzzing cannot guarantee the detection of bugs completely in an application. Remember… there is also a human component to automated bug finding Thank you for your time and listening to my presentation. Please feel free to ask any questions.