Fuzzing talk at the Mozilla Summit

At the 2010 Mozilla Summit, I talked about my JavaScript engine and DOM fuzzers, which have each found many hundreds of bugs. I also talked about the automations that keep me sane when I fuzz these complex components.

My slides are in the S5 web-based presentation format. You can click the Ø button to view the presentation in "handout mode" and see what I planned to say while each slide was up.

I shared a presentation slot with Mozilla contractor Paul Nickerson, who has a separate slide deck. He wisely saved the best part of his talk for the end: a demo of his font fuzzer causing Windows 7 to blue-screen.

4 Responses to “Fuzzing talk at the Mozilla Summit”

  1. Soroush Dalili Says:

    I’m waiting to see your new fuzzing technique. I know that there are several DOM fuzzers which iterate over all objects and call the functions and fuzz them. Is there anything new in your technique? Is it intelligent enough to detect Same Origin Policy bypass vulnerabilities as well as memory corruptions? Thanks for sharing the information in advance.

    Cheers,
    Soroush
    Soroush.secproject.com/blog/

  2. Jesse Ruderman Says:

    My DOM fuzzer doesn’t specifically look for Same Origin Policy bypasses, but it has triggered assertion failures that indicated bugs in privilege- and wrapper-related code. Assertions are great.

  3. Anonym Says:

    This is an awesome presentation. Thanks!

    I thought I’d share a pointer to the Lithium test case minimization tool, for others, since it turns out to be surprisingly hard to Google. :-) Here’s what I found:

    http://www.squarefree.com/lithium/

  4. Darren Says:

    We’ve got a pretty cool resource we’ve put together for the security community as a means to learn how to use fuzzers and do automation.

    It’s an application specifically built to contain vulnerabilities discoverable by fuzzing techniques…and an in-depth article showing how to do it. We’d love for you to feature it if you think your readers would like it: http://resources.infosecinstitute.com/intro-to-fuzzing/