Protocol fuzz testing as a part of secure software development life cycle

Abstract

During the last couple of years the importance of software security has gained a lot of press recognition and it has become very important part of different software products especially in the embedded industry. To prevent software security vulnerabilities the secure software development life cycle is recommended as a development method to prevent implementation bugs and design flaws in the early phase of the product development. Secure software development life cycle recommends various different security actions to be taken in different phases of the development life cycle. Fuzz testing is one of these recommendations. Fuzz testing is an automated testing technique where the system under test is given modified and malformed also known as fuzzed input data. The purpose of fuzz testing is to find implementation bugs and security related vulnerabilities. Fuzz testing has been proven to be cost effective method to identify such issues. To increase the effectiveness of fuzz testing, such methods can be directly included in the implementation phase of the secure software development life cycle. The purpose of this thesis is to create a fuzz testing framework to fuzz proprietary protocols.