Security Defect Metrics For Targeted Fuzzing presented at CanSecWest 2011

by Dustin Duran (Microsoft), Matt Miller (Microsoft), David Weston (Microsoft)

Tags: Security

Summary: One of the limitations of traditional fuzz testing is that it is difficult for resource-constrained software development teams to intentionally focus fuzzing efforts on the specific parts of a program that may be more likely to yield vulnerabilities. As a result, it has not been possible to leverage well-established defect metrics, such as cyclomatic complexity, in conjunction with fuzzing. In this presentation we will show how recent developments in taint analysis and fuzzing technology can be used to enable granular targeting of specific parts of a program in conjunction with defect metrics. Based on these new capabilities, we will also present a comparative analysis of the effectiveness of using various defect metrics as a method of prioritizing fuzzing targets and driving fuzzing strategies.
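As an added illustration of the idea in the abstract (not code from the talk or its authors): rank functions by cyclomatic complexity, then use taint results (which input offsets influence branches in which functions) to weight the mutation budget toward the bytes that reach the most complex code. The CFG sizes, the taint map and the proportional weighting scheme are all constructed assumptions.

```python
# Constructed sample: per-function control-flow graph sizes (node and edge counts).
CFG = {
    "parse_header": {"nodes": 6, "edges": 7},    # complexity 3
    "decode_chunk": {"nodes": 14, "edges": 22},  # complexity 10
    "checksum":     {"nodes": 4, "edges": 4},    # complexity 2
    "render":       {"nodes": 9, "edges": 12},   # complexity 5
}

# Constructed taint result: input byte offset -> functions in which a value
# derived from that byte influences a conditional branch.
TAINT = {
    0: {"parse_header"},
    1: {"parse_header", "checksum"},
    4: {"decode_chunk"},
    5: {"decode_chunk", "render"},
    8: {"checksum"},
}


def cyclomatic_complexity(nodes, edges, components=1):
    """McCabe's metric: E - N + 2P for a graph with P connected components."""
    return edges - nodes + 2 * components


def rank_functions(cfg):
    """Functions sorted by descending complexity (ties broken by name)."""
    scores = {f: cyclomatic_complexity(g["nodes"], g["edges"]) for f, g in cfg.items()}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def offset_priorities(cfg, taint):
    """Score each tainted input offset by the total complexity of the code it reaches."""
    cc = dict(rank_functions(cfg))
    pri = {off: sum(cc[f] for f in funcs) for off, funcs in taint.items()}
    return sorted(pri.items(), key=lambda kv: (-kv[1], kv[0]))


def fuzz_budget(cfg, taint, total_cases):
    """Split a mutation budget across offsets in proportion to their priority score.
    Integer division means a few cases are left unassigned; that remainder is ignored here."""
    pri = dict(offset_priorities(cfg, taint))
    weight = sum(pri.values())
    return {off: total_cases * score // weight for off, score in pri.items()}


if __name__ == "__main__":
    print("function ranking:", rank_functions(CFG))
    print("offset priorities:", offset_priorities(CFG, TAINT))
    print("budget for 1000 cases:", fuzz_budget(CFG, TAINT, 1000))
```

Untainted offsets get no budget at all, which is the "granular targeting" the abstract describes; a real pipeline would additionally keep a small uniform baseline so that taint-analysis blind spots are not starved entirely.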