Discovering Software Vulnerabilities Based on Fuzz Testing

• Main Authors: Yu-Ming Chung, 鍾育民
• Other Authors: Chih-li Hung
• Format: Others
• Language: zh-TW
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/758erv

碩士 === 中原大學 === 資訊管理研究所 === 104 === In recent years, computers and Internet are widely used in many areas. As a result, computer security issues are becoming evident as time passed by. All software more or less has security vulnerabilities. If exploited by malicious hackers, vulnerabilities will cause tremendous loss to software corporations and end users. There is no doubt that discovering software vulnerabilities is an important task.False declaration and false judgment are common problems that occur to vulnerability discovering technology. Vulnerabilities have to be discovered rapidly without wasting time; the available vulnerabilities have to be located as quickly as possible. In this connection, this study focused on the implementation of Microsoft Office file processing program’s vulnerability discovering system. As far as we can see, all fuzzy testing technologies consume lots of time and system resources without processing file formats. Therefore, this study examined all software security testing methods and vulnerability discovering technologies in an attempt to design a test framework based on fuzzy testing theory and file format analysis and thereby upgrade vulnerability discovering efficiency for the software vulnerability researchers’ use. According to the data obtained from the experiment, the software vulnerability discovering system implemented by this study is sufficient to locate Office file processing software’s weakness faster than any other system and to minimize the time needed for discovering vulnerability at the same time.