Tesi etd-05302023-113912 |
Link copiato negli appunti
Tipo di tesi
Tesi di laurea magistrale
Autore
MORUCCI, DAVIDE
URN
etd-05302023-113912
Titolo
Comparative Analysis of Greybox and Blackbox Fuzzing Methods for C# Software Testing, using the AFL-based Approach
Dipartimento
INGEGNERIA DELL'INFORMAZIONE
Corso di studi
CYBERSECURITY
Relatori
relatore Prof. Perazzo, Pericle
tutor Dott. Brocchini, Massimiliano
tutor Dott. Brocchini, Massimiliano
Parole chiave
- fuzzy testing
Data inizio appello
16/06/2023
Consultabilità
Tesi non consultabile
Riassunto
Fuzzing Testing is a software testing technique that involves sending random or mutated inputs to a program to detect bugs or vulnerabilities. In recent years, it has gained increasing popularity among developers and beyond. AFL++ is one of the most well-known and powerful fuzzing tools that utilizes various techniques to maximize code coverage and discover new bugs. In the same context, SharpFuzzer works as a fork of AFL originally, specifically used for testing native .NET programs.
Our objective in this regard was to evaluate the capabilities of these two state-of-the-art tools by testing them on a series of in-house .NET applications at Vianova, with the aim of assessing the effectiveness and validity of a Fuzzer like AFL++/SharpFuzzer. The applications tested in this instance were modified and expanded to incorporate a series of additional modules, enabling them to be effectively tested with the assistance of the two fuzzers.
The results obtained during the testing confirmed our expectations regarding the effectiveness and validity of a Greybox fuzzer compared to a Blackbox fuzzer, while also highlighting a serious issue related to Blackbox fuzzing with Qemu (AFL++), which was duly documented and reported to the tool's developers
Our objective in this regard was to evaluate the capabilities of these two state-of-the-art tools by testing them on a series of in-house .NET applications at Vianova, with the aim of assessing the effectiveness and validity of a Fuzzer like AFL++/SharpFuzzer. The applications tested in this instance were modified and expanded to incorporate a series of additional modules, enabling them to be effectively tested with the assistance of the two fuzzers.
The results obtained during the testing confirmed our expectations regarding the effectiveness and validity of a Greybox fuzzer compared to a Blackbox fuzzer, while also highlighting a serious issue related to Blackbox fuzzing with Qemu (AFL++), which was duly documented and reported to the tool's developers
File
Nome file | Dimensione |
---|---|
Tesi non consultabile. |