Comments on: Fuzzing talk at the Mozilla Summit http://www.squarefree.com/2010/07/14/fuzzing-talk-at-the-mozilla-summit/ Jesse Ruderman on Firefox, security, and more Fri, 09 Sep 2011 05:56:55 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Darren http://www.squarefree.com/2010/07/14/fuzzing-talk-at-the-mozilla-summit/comment-page-1/#comment-9011 Darren Tue, 14 Dec 2010 23:31:49 +0000 http://www.squarefree.com/?p=594#comment-9011 We've got a pretty cool resource we've put together for the security community as a means to learn how to use fuzzers and do automation. It's an application specifically built to contain vulnerabilities discoverable by fuzzing techniques...and an in-depth article showing how to do it. We'd love for you to feature it if you think your readers would like it: http://resources.infosecinstitute.com/intro-to-fuzzing/ We’ve got a pretty cool resource we’ve put together for the security community as a means to learn how to use fuzzers and do automation.

It’s an application specifically built to contain vulnerabilities discoverable by fuzzing techniques…and an in-depth article showing how to do it. We’d love for you to feature it if you think your readers would like it: http://resources.infosecinstitute.com/intro-to-fuzzing/

]]> By: Anonym http://www.squarefree.com/2010/07/14/fuzzing-talk-at-the-mozilla-summit/comment-page-1/#comment-7452 Anonym Wed, 18 Aug 2010 01:47:39 +0000 http://www.squarefree.com/?p=594#comment-7452 This is an awesome presentation. Thanks! I thought I'd share a pointer to the Lithium test case minimization tool, for others, since it turns out to be surprisingly hard to Google. :-) Here's what I found: http://www.squarefree.com/lithium/ This is an awesome presentation. Thanks!

I thought I’d share a pointer to the Lithium test case minimization tool, for others, since it turns out to be surprisingly hard to Google. :-) Here’s what I found:

http://www.squarefree.com/lithium/

]]> By: Jesse Ruderman http://www.squarefree.com/2010/07/14/fuzzing-talk-at-the-mozilla-summit/comment-page-1/#comment-7182 Jesse Ruderman Fri, 16 Jul 2010 15:04:18 +0000 http://www.squarefree.com/?p=594#comment-7182 My DOM fuzzer doesn't specifically look for Same Origin Policy bypasses, but it has triggered assertion failures that indicated bugs in privilege- and wrapper-related code. Assertions are great. My DOM fuzzer doesn’t specifically look for Same Origin Policy bypasses, but it has triggered assertion failures that indicated bugs in privilege- and wrapper-related code. Assertions are great.

]]> By: Soroush Dalili http://www.squarefree.com/2010/07/14/fuzzing-talk-at-the-mozilla-summit/comment-page-1/#comment-7151 Soroush Dalili Fri, 16 Jul 2010 08:41:12 +0000 http://www.squarefree.com/?p=594#comment-7151 I'm waiting to see your new fuzzing technique. I know that there are several DOM fuzzers which iterate all objects and call the functions and fuzz them. Is there anything new in your technique? Is it intelligent enough to detect Same Origin Policy bypass vulnerabilities as well as the memory corruptions? Thanks for sharing the information in advance. Cheers, Soroush Soroush.secproject.com/blog/ I’m waiting to see your new fuzzing technique. I know that there are several DOM fuzzers which iterate all objects and call the functions and fuzz them. Is there anything new in your technique? Is it intelligent enough to detect Same Origin Policy bypass vulnerabilities as well as the memory corruptions? Thanks for sharing the information in advance.

Cheers,
Soroush
Soroush.secproject.com/blog/

]]>