4 votes
(50pt) Choose a program. It could be your lexer from the project, a project from another class, or a program you found online. Make sure it is a program whose input format you understand and that is not overly complicated. Write three fuzzers (like I did in class) to test this program: a mutation fuzzer, a generation fuzzer, and a protocol-based fuzzer. Run a few tests from each fuzzer on the program. What did you learn? Did you discover any bugs you did not know were there? You may use Java, C, C++, or Python to write your fuzzers.

User MrRoman
by
4.0k points

2 Answers

3 votes

Final answer:

A student wrote three types of fuzzers to test a program and found that the new test program generated an error twice in 50 runs, which might be a basis for convincing the management to use this method for uncovering more bugs.

Step-by-step explanation:

The student is tasked with choosing a program and writing three different types of fuzzers: a mutation fuzzer, a generation fuzzer, and a protocol-based fuzzer. The aim is to test the program's robustness and identify any unknown bugs. The described scenario illustrates running a test program 50 times, which resulted in generating an error twice, implying the fuzzer could help identify program vulnerabilities more frequently than the original.

While two instances of the error in 50 runs may not appear significantly better, it shows that the new test program can indeed provoke the error, therefore potentially being a more efficient tool for finding and fixing the bug in question. If this rate of error generation is higher than what the original test program could produce, it can be a valid argument for its use to management.

Moreover, writing and testing with fuzzers allows the student to learn more about system behavior under unexpected or malformed inputs, which is key in strengthening the program's reliability and security.

User Diomara
by
3.9k points
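The three fuzzer types named in the question, shown side by side as an added example that is not part of the original question or answers. The target `parse_record`, its record format and its planted length bug are constructed for illustration; "generation" is assumed to mean building inputs from scratch, and "protocol-based" to mean keeping the format valid while fuzzing one field.

```python
import random

SEED = bytes([0x7E, 1, 4]) + b"abcd"  # constructed valid record used as mutation seed

def parse_record(data: bytes):
    """Constructed toy target: [0x7E magic][type 1|2][length][payload...]."""
    if len(data) < 3 or data[0] != 0x7E:
        raise ValueError("bad header")      # clean, expected rejection
    rtype, length, payload = data[1], data[2], data[3:]
    if rtype not in (1, 2):
        raise ValueError("unknown type")
    # Planted bug: the length field is trusted without checking the payload size.
    last = payload[length - 1] if length else 0
    return rtype, payload[:length], last

def mutation_fuzz(rng, n):
    """Start from a known-good input and overwrite 1-3 random bytes."""
    for _ in range(n):
        buf = bytearray(SEED)
        for _ in range(rng.randint(1, 3)):
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        yield bytes(buf)

def generation_fuzz(rng, n):
    """Build inputs from scratch with no knowledge of the format."""
    for _ in range(n):
        yield bytes(rng.randrange(256) for _ in range(rng.randint(0, 8)))

def protocol_fuzz(rng, n):
    """Keep magic and type valid; put boundary values in the length field."""
    for _ in range(n):
        payload = bytes(rng.randrange(256) for _ in range(rng.randint(0, 8)))
        length = rng.choice([0, len(payload), len(payload) + 1, 255])
        yield bytes([0x7E, rng.choice([1, 2]), length]) + payload

def run(inputs):
    """Feed inputs to the target; anything other than ValueError is a finding."""
    crashes = []
    for data in inputs:
        try:
            parse_record(data)
        except ValueError:
            pass
        except Exception as exc:
            crashes.append((data, type(exc).__name__))
    return crashes

if __name__ == "__main__":
    for fuzz in (mutation_fuzz, generation_fuzz, protocol_fuzz):
        found = run(fuzz(random.Random(1), 200))
        print(f"{fuzz.__name__}: {len(found)} crashes in 200 runs")
```

Seeding the generator makes every crashing input reproducible, which is what turns a fuzzer finding into a regression test once the length check is added.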
1 vote

Answer:

where r my 50 points??

Step-by-step explanation:

User Rmunn
by
4.3k points