Comparative Evaluation of Security Fuzzing Approaches

This article compares security fuzzing approaches with respect to different characteristics commenting on their pro and cons concerning both their potential for exposing vulnerabilities and the expected effort required to do so. These preliminary considerations based on abstract reasoning and engineering judgement are subsequently confronted with experimental evaluations based on the application of three different fuzzing tools characterized by diverse data generation strategies on examples known to contain exploitable buffer overflows. Finally, an example inspired by a real-world application illustrates the importance of combining different fuzzing concepts in order to generate data in case fuzzing requires the generation of a plausible sequence of meaningful messages to be sent over a network to a software-based controller as well as the exploitation of a hidden vulnerability by its execution.