文件格式漏洞Fuzzing测试技术研究 |
| |
作者单位: | 中南民族大学计算与实验中心 武汉430074 |
| |
摘 要: | Fuzzing测试是一种自动化发掘软件漏洞的方法,本文讨论了文件格式漏洞利用的现状及Fuzzing测试的研究进展,提出了一个文件格式漏洞Fuzzing测试框架,在FileFuzz的基础上实现了一种文件格式Fuzzing测试工具,可以实现对任意文件格式的测试,并可有效地提高测试效率,最后给出了该工具测试的实例。
|
关 键 词: | 文件格式漏洞 Fuzzing测试 漏洞发掘 |
A Research of File Format Vulnerability Fuzzing Test |
| |
Authors: | XIANG Qiao-lian |
| |
Abstract: | Fuzzing is a technique of automatic vulnerability mining.In the light of the research of Fuzzing test and in combination of file format characteristics,a technique of vulnerability mining based on Fuzzing test is proposed.And a Fuzzing tool of this technique is also discussed which is efficient and can be used for any file format.Taking MS04-028 as an example,the usage of this tool is also discussed in this paper. |
| |
Keywords: | File format vulnerability Fuzzing test Vulnerability mining |
本文献已被 CNKI 等数据库收录! |
|