摘要
Fuzzing测试是一种自动化发掘软件漏洞的方法,本文讨论了文件格式漏洞利用的现状及Fuzzing测试的研究进展,提出了一个文件格式漏洞Fuzzing测试框架,在FileFuzz的基础上实现了一种文件格式Fuzzing测试工具,可以实现对任意文件格式的测试。并可有效地提高测试效率,最后给出了该工具测试的实例。
Abstract: Fuzzing is a technique of automatic vulnerabRity mining. In the light of the research of Fuzzing test and in combination of file format characteristics, a technique of vulnerability mining based on Fuzzing test is proposed. And a Fuzzing tool of this technique is also discussed which is efficient and can be used for any file format. Taking MS04-028 as an example, the usage of this tool is also discussed in this paper.
作者
项巧莲
XIANG Qiao-lian(Center of Computing & Experimenting of South-central University for Nationalities, Wuhan 430074, China)
出处
《电脑知识与技术》
2008年第3期1259-1261,共3页
Computer Knowledge and Technology
基金
中南民族大学一般项目(YZY05002)
