I recently received some welcome/solicited feedback on my MSDN magazine fuzzing article (http://msdn.microsoft.com/msdnmag/issues/07/11/FUZZTesting). This is from Charlie Miller, who gave an in-depth fuzzing seminar at ToorCon this past Friday:

"So in the MS word file fuzzer example, you describe creating random files to parse. If you do this, I guarantee that 100% of them will fail to open, as they will not contain any structure of a word file. You should describe the mutation based fuzzing I described, i.e. start with a valid file and make some random changes to it."

The blurb for Charlie’s talk is here – http://www.toorcon.org/2007/event.php?id=60.

Thanks!

No Comments »