American fuzzy lop (AFL) fuzzing
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | 2019 |
Subjects: | |
Online Access: | http://hdl.handle.net/10356/77138 |
Institution: | Nanyang Technological University |
Summary: | This final year project introduces the concept of fuzzing to discover flaws in code and expose loopholes that might have the potential to cause damage to computer systems. Fuzzing is a fairly new method of discovering bugs within programs that might not otherwise be easily caught using traditional methods such as source code analysis and limited testing using a set of pre-defined inputs. Attempts will be made to discover bugs by testing the extraction function from the open-source software archiver 7-Zip. The fuzzer American Fuzzy Lop (AFL) will be employed for this project. AFL employs a novel type of compile-time instrumentation and genetic algorithms to generate semi-valid data and increase code coverage, reducing the effort and time required to find potentially exploitable vulnerabilities. Debugging will form the second half of this paper by detailing how faults can be identified within the application. The paper will conclude by listing the problems found in the paper and possible remediations that could be performed to improve the reliability of 7-Zip. |
---|