| 基于漏洞库的fuzzing测试技术 |
| |
| 引用本文: | 张美超,曾凡平,黄奕.基于漏洞库的fuzzing测试技术[J].小型微型计算机系统,2011,32(4). |
| |
| 作者姓名: | 张美超 曾凡平 黄奕 |
| |
| 作者单位: | 1. 中国科学技术大学汁算机科学与技术学院,安徽,合肥,230026
2. 中国科学技术大学汁算机科学与技术学院,安徽,合肥,230026;安徽省计算与通讯软件重点实验室,安徽,合肥,230026 |
| |
| 摘 要: | 鉴于主流fuzzing(模糊)测试技术生成的测试用例随机性和针对性无法兼顾的问题,提出一种基于漏洞库的fuzzing测试技术.根据漏洞产生的原因和重现的方法对漏洞库进行整理分类,构造出测试用例集用于fuzzing测试.这样生成的测试用例集直接与漏洞相关,具有更强的针对性;同时扩展的测试用例集可以用于检测未知的同类漏洞,覆盖面更广,因此保证了一定的随机性.以ftp服务器测试为例,选取了W indow s平台下的4款ftp服务器进行测试,共发现了3款软件的6个新漏洞,提交Se-curityFocus并通过,其中5个漏洞得到了国际权威漏洞数据库CVE的认可.
|
| 关 键 词: | 漏洞库 fuzzing ftp服务器 漏洞挖掘 |
Fuzzing Testing Based on Vulnerability Database |
| |
| ZHANG Mei-chao,ZENG Fan-ping,HUANG Yi.Fuzzing Testing Based on Vulnerability Database[J].Mini-micro Systems,2011,32(4). |
| |
| Authors: | ZHANG Mei-chao ZENG Fan-ping HUANG Yi |
| |
| Affiliation: | ZHANG Mei-chao1,ZENG Fan-ping1,2,HUANG Yi11(School of Computer Science and Technology,University of Science and Technology of China,Hefei 230026,China)2(Anhui Province Key Lab of Software in Computer and Communication,China) |
| |
| Abstract: | Considering the test suites generated by mainstream fuzzing testing techniques can not guarantee the randomness and the pertinence at the same time.In this paper,we propose a fuzzing testing method based on vulnerability database.According to the causes of vulnerabilities and the methods to reproduce them,the vulnerabilities are classified and corresponding test suites are constructed for further fuzzing testing.Test suites constructed in this method have stronger pertinence as they are directly related to ... |
| |
| Keywords: | vulnerability database fuzzing ftp server vulnerability detection |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
