[Dailydave] Does Fuzzing really work?

[ergosum]

On Wednesday 27 September 2006 17:45, Ian Melven wrote:
> There's a lot of links to fuzzing papers, tools, and articles here.
>
> http://www.threatmind.net/secwiki/FuzzingTools
>

Nice resource. 

> There's an interesting talk scheduled for Ruincon at the end of
> October on this I'm looking forward to also.
>

There is also a Toorcon talk about the matter:
http://www.toorcon.org/2006/conference.html?id=10

Which btw is the guy from appliedsec that Charlie pointed out :)

> Ian
>
> On 9/27/06, Charlie Miller <cmiller at securityevaluators.com> wrote:
> > ergosum wrote:
> > > Hi all,
> > >       I'm with Halvar here,   it's not only a permutation of commands,
> > > but more things are to be evaluated, possible combination of commands,
> > > that includes 2 by 2, 3 by 3, etc. Not only that, but possible payloads
> > > and timings to try to uncover race conditions, etc. Much more than 12!
> > > as Halvar points out.
> > >
> > >       Can someone send some interesting papers on fuzzing strategies?
> > > (Apart from the ones from Dave which all of us know :) ). I would like
> > > to link this with the thread about "Unknown Application Protocol
> > > Analysis", is there any prototype that uses both concepts? Automatic
> > > protocol discovery an subsequently fuzzing of it?
> > >
> > > Cheers
> >
> > Try GPF:
> >
> > http://www.appliedsec.com/developers.html
> >
> > Charlie
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave at lists.immunitysec.com
> > http://lists.immunitysec.com/mailman/listinfo/dailydave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave

-- 
Alejandro Barrera García-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrera at iron-gate.net

-- 
"We must be the change we wish to see in the world"
Mahatma Gandhi