Distributed fuzzing for software vulnerability discovery
Date
2018
Authors
Maalim, Farhiya Osman
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
Information Security is concerned with effectively protecting the confidentiality, integrity and availability of data. Software bugs/defects threaten these three elements of information security. By failing to identify and focus upon the root causes of risks such as software vulnerabilities, there is a danger that the response to Information Security compromises become solely reactive.
Fuzzing is a software testing technique that is used to discover software vulnerabilities. The project undertaken is a Distributed Fuzzer that runs on multiple computing environments in the cloud. The advantage of distributed fuzzing compared to regular fuzzing is the ability to run multiple test cases concurrently thus increasing the efficiency of fuzzing.
The aim of this project is to improve fuzzing in order to increase the efficiency of discovering vulnerabilities and software defects. This will ultimately increase the security of a software/application.
The research study was accomplished by using Ansible as a system orchestration tool to run AFL Fuzzers on multiple computing environments in the cloud. The results were collected and presented in this study.
Description
Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University
Keywords
fuzzer, distributed fuzzer, scalability