Tag Archives: fuzzing

Advisory: Certain domain names could allow execution of arbitrary code in Opera

Posted on November 18, 2009 by Chris Weber

Opera released 10.01 recently, which fixed a memory corruption issue found with Casaba’s IDN/URI fuzzer. http://www.opera.com/support/kb/view/938/

Posted in advisory | Tagged , , | Leave a comment

Unicode security attacks and test cases – fuzzing with Unicode

Posted on April 23, 2009 by Chris Weber

When it comes to fuzzing parsers, protocols, and other software, I want the fuzzer to be capable of producing tests specific to Unicode. Here’s what it should do at a minimum: Generate half a surrogate pair in UTF-8 or UTF-16 … Continue reading

Posted in Unicode, security, testing | Tagged , | Leave a comment

Fuzzing and detecting heap corruption with Gflags, pageheap, windbg and Image File Execution Options

Posted on May 30, 2008 by Chris Weber

It’s time again to do some good ol’ down home fuzzing on Windows and can’t forget to enable full page heap checking, else I could miss some important heap corruption issues. So to remind myself how to do this, let’s … Continue reading

Posted in debugging, security | Tagged , , , | Leave a comment

How to: Fuzzing Web Services on IIS 6.0 and ASP.NET

Posted on January 14, 2007 by Chris Weber

So we want to fuzz something SOAPy, again. Well here’s how we’re gonna do it. The approach I like to take with clients is a gray-box, or code-assisted penetration testing. Gray box analysis is a powerful technique combining input testing … Continue reading

Posted in Web, testing | Tagged , | 2 Comments

To fuzz or not to fuzz web services…

Posted on January 13, 2007 by Chris Weber

Is it worth the time to run input fuzzing tests against web services? When engaging a client for a security review I’m often the one to pose this question. Sure, why not… right? Well honestly there’s a more precise way … Continue reading

Posted in Web, testing | Tagged , | Leave a comment