High Speed Bug Discovery with Fuzzing preroll quotes

Quotes shown before the High Speed Bug Discovery with Fuzzing presentation at Stir Trek 2017

Craig Stuntz

May 05, 2017

Transcript

1. “High Speed Bug Discovery with Fuzzing …will begin at 3:30”

   This effort and its results show that fuzzing is a very universal technique, and most of its components can be easily reused from one target to another, especially within the scope of a single file format.
   Mateusz Jurczyk, https://googleprojectzero.blogspot.com/2017/04/notes-on-windows-uniscribe-fuzzing.html

2. Testing is a very wonderful thing, because people [who] try to prove that their software is correct actually spend almost all of their time discovering that it isn’t. It’s only the very last iteration of attempting to prove it’s correct that succeeds!
   Benjamin C. Pierce, http://omegataupodcast.net/243-formal-specification-and-proof/

3. We didn't call it fuzzing back in the 1950s, but it was our standard practice to test programs by inputting decks of punch cards taken from the trash.
   Gerald M. Weinberg, http://secretsofconsulting.blogspot.com/2017/02/fuzz-testing-and-fuzz-history.html

4. Intuitively, a mutation strategy is most powerful when the resulting files are successfully processed by the tested software 50% of times, and likewise fail to parse the other 50% of times. This indicates that the test cases are on the verge of being valid, and shows that the configuration is neither too aggressive, nor too loose.
   Mateusz Jurczyk, https://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html

5. https://twitter.com/gparker/status/804845623136530432

6. Yet, despite the crippling and obvious limitations of fuzzing and the virtues of symbolic execution, there is one jarring discord: I'm fairly certain that probably around 70% of all remote code execution vulnerabilities disclosed in the past few years trace back to fairly “dumb” fuzzing tools, with the pattern showing little change over time.
   Michał Zalewski, https://lcamtuf.blogspot.com/2015/02/symbolic-execution-in-vuln-research.html

7. In the process of writing our early fuzz papers, we came across strong resistance from the testing and software engineering community. The lack of a formal model and methodology and undisciplined approach to testing often offended experienced practitioners in the field…. My response has always been simple: “We're just trying to find bugs”.
   Barton Miller, http://pages.cs.wisc.edu/~bart/fuzz/Foreword1.html
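The 50% heuristic in Jurczyk's quote (slide 4) carried into a runnable calibration loop. This is an added example, not code from the deck or from the quoted author's fuzzers: the record format, its strict parser, the byte-substitution mutator and the seed file are all constructed here so the sweep runs offline. The loop measures, for each mutation intensity, what fraction of mutants the parser still accepts, and picks the intensity whose acceptance ratio lands closest to one half.

```python
"""Calibrating a dumb mutator against the 'about 50% still parse' heuristic.

Added example (not from the slide deck or from the quoted author). The
record format, parser, mutator and seed below are constructed for this
illustration; the heuristic itself is the quoted one: a mutation strategy
is best tuned when roughly half of its outputs remain valid.
"""
import random

MAGIC = b"FZ01"       # constructed 4-byte file signature
MAX_RECORDS = 8       # constructed structural limit


def parse(data: bytes) -> list[bytes]:
    """Strict parser for the constructed format: 4-byte magic, 1-byte record
    count (<= MAX_RECORDS), then per record a 1-byte length and that many
    payload bytes, with no trailing data. Any structural violation raises
    ValueError, which is the 'fails to parse' side of the heuristic."""
    if data[:4] != MAGIC:
        raise ValueError("bad magic")
    if len(data) < 5:
        raise ValueError("truncated header")
    count = data[4]
    if count > MAX_RECORDS:
        raise ValueError("too many records")
    pos = 5
    records = []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("truncated record header")
        length = data[pos]
        pos += 1
        payload = data[pos:pos + length]
        if len(payload) != length:
            raise ValueError("truncated payload")
        records.append(payload)
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes")
    return records


def rejects(data: bytes) -> bool:
    """True when the parser refuses the input."""
    try:
        parse(data)
    except ValueError:
        return True
    return False


def build(records: list[bytes]) -> bytes:
    """Serialise records into the format above; used to make a valid seed."""
    out = bytearray(MAGIC)
    out.append(len(records))
    for record in records:
        out.append(len(record))
        out += record
    return bytes(out)


def mutate(seed: bytes, intensity: int, rng: random.Random) -> bytes:
    """Dumb mutator: overwrite `intensity` randomly chosen byte positions with
    random values. Intensity is the knob the heuristic tunes."""
    buf = bytearray(seed)
    for _ in range(intensity):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def valid_ratio(seed: bytes, intensity: int, trials: int = 400,
                rng_seed: int = 1) -> float:
    """Fraction of `trials` mutants at this intensity that still parse.
    The RNG is seeded so the sweep is reproducible."""
    rng = random.Random(rng_seed)
    accepted = sum(0 if rejects(mutate(seed, intensity, rng)) else 1
                   for _ in range(trials))
    return accepted / trials


def calibrate(seed: bytes, max_intensity: int = 8,
              target: float = 0.5) -> tuple[int, dict[int, float]]:
    """Sweep intensities 1..max_intensity and return the one whose acceptance
    ratio is closest to `target`, plus the whole table so the caller can see
    which settings were too loose (almost all parse) or too aggressive
    (almost none do)."""
    table = {k: valid_ratio(seed, k) for k in range(1, max_intensity + 1)}
    best = min(table, key=lambda k: abs(table[k] - target))
    return best, table


# Constructed 32-byte seed: 3 records of 8 payload bytes each.
SEED = build([b"alpha-01", b"bravo-02", b"charlie3"])

if __name__ == "__main__":
    best, table = calibrate(SEED)
    for k, ratio in table.items():
        mark = "  <- closest to 50%" if k == best else ""
        print(f"intensity {k}: {ratio:.1%} of mutants still parse{mark}")
```

In this seed only 8 of the 32 bytes are structural (magic, count, three lengths), so a single random overwrite usually lands in a payload and the file stays valid; the sweep shows the acceptance ratio falling as intensity rises and lets the loop pick the setting that sits near the "verge of being valid" the quote describes. On a real target the parser call would be the program under test and the ratio would come from its exit status or crash reports rather than from a Python exception.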