| The great development of computer and network technology accelerates the process of information society, makes people with information system in a closer relationship. Security has become one of the main problems in information society. Detecting and mining Oday vulnerabilities that may exist in information society will help to solve a large range of security problems. The mining method for Oday includes source code audit, binary audit, Fuzz testing, and so on. Fuzz testing is frequently used in general industry, which is a safety testing and one of the main security testing used in the software product security and network security.Firstly, this paper introduces the network protocol and protocol element. Secondly, it introduces the concept of Oday, common method of vulnerabilities mining, and three mining methods. Then, the paper detailed analyses the method of fuzz testing. Lastly, the paper uses Fuzz testing tools Peach which is based on framework platform to test ICMP and HTTP protocols, and these tests discover vulnerabilities of Ping of Death and buffer overflow. These tests just test the field which is more trigger the vulnerability by analyzing each field of protocol. This method avoids the disadvantage of the long time and a large number of redundancy test inputs for traditional Fuzz, improves the efficiency of Fuzz testing, and discovers the vulnerability for some devices. |
PDF Full Text Request