Automating the fuzzing triage process
This final year project explores the usage of scripting to improve the efficiency of the fuzzing workflow. Fuzzing is a method of discovering bugs that is quickly gaining momentum within the development community. It has the ability to discover bugs within programs that might otherwise be very hard...
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project (FYP) |
| Language: | English |
| Published: |
Nanyang Technological University
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/140674 |
| _version_ | 1826110006247817216 |
|---|---|
| author | Loh, Qi Yuan |
| author2 | Liu Yang |
| author_facet | Liu Yang Loh, Qi Yuan |
| author_sort | Loh, Qi Yuan |
| collection | NTU |
| description | This final year project explores the usage of scripting to improve the efficiency of the fuzzing workflow. Fuzzing is a method of discovering bugs that is quickly gaining momentum within the development community. It has the ability to discover bugs within programs that might otherwise be very hard to get at using traditional methods like source code analysis and program testing using sets of pre-defined inputs. There are a large number of existing tools available to users and development of fuzzing techniques have also taken a huge step forward. Fuzzers have become a flexible tool that can help both developers and pen-testers.While the fuzzer technology has been constantly improving, the workflow of a user during the fuzzing cycle has remained constant throughout. The user runs the fuzzer and then manually debugs each of the output files from the fuzzer to determine the reason behind the erroneous behaviour. This project aims to change the existing workflow by streamlining the work during the triage process. The final tool works in conjunction with AddressSanitizer, the GDB debugger and Valgrind to achieve automated log extraction and crash analysis leading to categorisation of the files. |
| first_indexed | 2024-10-01T02:27:24Z |
| format | Final Year Project (FYP) |
| id | ntu-10356/140674 |
| institution | Nanyang Technological University |
| language | English |
| last_indexed | 2024-10-01T02:27:24Z |
| publishDate | 2020 |
| publisher | Nanyang Technological University |
| record_format | dspace |
| spelling | ntu-10356/1406742020-06-01T05:53:00Z Automating the fuzzing triage process Loh, Qi Yuan Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering This final year project explores the usage of scripting to improve the efficiency of the fuzzing workflow. Fuzzing is a method of discovering bugs that is quickly gaining momentum within the development community. It has the ability to discover bugs within programs that might otherwise be very hard to get at using traditional methods like source code analysis and program testing using sets of pre-defined inputs. There are a large number of existing tools available to users and development of fuzzing techniques have also taken a huge step forward. Fuzzers have become a flexible tool that can help both developers and pen-testers.While the fuzzer technology has been constantly improving, the workflow of a user during the fuzzing cycle has remained constant throughout. The user runs the fuzzer and then manually debugs each of the output files from the fuzzer to determine the reason behind the erroneous behaviour. This project aims to change the existing workflow by streamlining the work during the triage process. The final tool works in conjunction with AddressSanitizer, the GDB debugger and Valgrind to achieve automated log extraction and crash analysis leading to categorisation of the files. Bachelor of Engineering (Computer Science) 2020-06-01T05:53:00Z 2020-06-01T05:53:00Z 2020 Final Year Project (FYP) https://hdl.handle.net/10356/140674 en SCSE19-0321 application/pdf Nanyang Technological University |
| spellingShingle | Engineering::Computer science and engineering Loh, Qi Yuan Automating the fuzzing triage process |
| title | Automating the fuzzing triage process |
| title_full | Automating the fuzzing triage process |
| title_fullStr | Automating the fuzzing triage process |
| title_full_unstemmed | Automating the fuzzing triage process |
| title_short | Automating the fuzzing triage process |
| title_sort | automating the fuzzing triage process |
| topic | Engineering::Computer science and engineering |
| url | https://hdl.handle.net/10356/140674 |
| work_keys_str_mv | AT lohqiyuan automatingthefuzzingtriageprocess |