Slashdot Mirror


Fuzzing Toolkit For Web Server Testing

prostoalex writes "Dr. Dobb's Journal runs an article discussing the tools necessary for fuzzing (testing a system by generating random input in order to cause program failure or crash). Quoting: 'You are fuzzing a Web server's capability to handle malformed POST data and discover a potentially exploitable memory corruption condition when the 50th test case you sent crashes the service. You restart the Web daemon and retransmit your last malicious payload, but nothing happens... The issue must rely on some combination of inputs. Perhaps an earlier packet put the Web server in a state that later allowed the 50th test to trigger the memory corruption. We can't tell without further analysis and we can't narrow the possibilities down without the capability of replaying the entire test set in a methodical fashion.'"
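
The replay problem in the quoted passage, as an added example (not code from the Dr. Dobb's article or from any commenter): a seeded generator makes the whole ordered test set reproducible, and replaying shrinking subsets against a freshly started target isolates the requests a state-dependent crash depends on. `ToyServer`, its `mode=raw` bug, the 64-byte limit and every function name here are constructed for illustration.

```python
import random

PREFIXES = [b"user=", b"mode=raw&pad=", b"mode=text&pad=", b"data="]

class Crash(Exception):
    """Stands in for the daemon dying on a memory-corruption bug."""

class ToyServer:
    """Constructed stateful target: an earlier request arms the bug."""
    def __init__(self):
        self.raw = False
    def handle(self, body: bytes) -> None:
        if self.raw and len(body) > 64:      # length check skipped in raw mode
            raise Crash(len(body))
        if body.startswith(b"mode=raw"):
            self.raw = True                  # state persists across requests
        elif body.startswith(b"mode=text"):
            self.raw = False

def gen_cases(seed: int, n: int) -> list[bytes]:
    """Same seed -> same ordered test set, so a session can be regenerated."""
    rng = random.Random(seed)
    return [rng.choice(PREFIXES) + b"A" * rng.randrange(128) for _ in range(n)]

def replay(cases):
    """Feed cases in order to a fresh target; return index of first crash or None."""
    server = ToyServer()
    for i, body in enumerate(cases):
        try:
            server.handle(body)
        except Crash:
            return i
    return None

def minimize(cases):
    """Shrink a crashing session to the requests the crash actually depends on."""
    idx = replay(cases)
    if idx is None:
        return []
    seq, i = list(cases[:idx + 1]), 0
    while i < len(seq) - 1:                  # never drop the crashing request
        cand = seq[:i] + seq[i + 1:]
        if replay(cand) == len(cand) - 1:    # still crashes on the last request
            seq = cand
        else:
            i += 1
    return seq

if __name__ == "__main__":
    cases = gen_cases(seed=1337, n=50)
    print("first crash at case", replay(cases), "-> minimal session:", minimize(cases))
```

Logging the seed and case count with each run is enough to regenerate the session later; a real harness would restart the actual daemon (or restore a snapshot) in place of `ToyServer()`.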


  1. fuzzing by Anonymous Coward · · Score: -1, Offtopic

    is what happened to your face during puberty

  2. Why does Slashdot refuse to cover by Anonymous Coward · · Score: -1, Offtopic

    The Chris Benoit / Wikipedia situation? Despite dozens of submissions and tons of mass media coverage, Slashdot will not run a story.

    1. Re:Why does Slashdot refuse to cover by Adult+film+producer · · Score: 0, Offtopic

      The Chris Benoit / Wikipedia situation? Despite dozens of submissions and tons of mass media coverage, Slashdot will not run a story.

      Chris Benoit from what little I know is a pro-wrestler that killed his wife & son .. or it was some sort of suicide pact, who cares I guess. Should that be included in "news for nerds" ? How about some Paris Hilton stories instead?

    2. Re:Why does Slashdot refuse to cover by Anonymous Coward · · Score: -1, Offtopic

      Well, when the murder is reported on Wikipedia 14 hours before police discover the body, yes, it is news for nerds.

    3. Re:Why does Slashdot refuse to cover by Anonymous Coward · · Score: -1, Offtopic

      Just proves the GP's point; you don't know the story, that someone posted to Wikipedia about his wife's death before it was public knowledge.

    4. Re:Why does Slashdot refuse to cover by Attila+Dimedici · · Score: 0, Offtopic

      The fact that someone made a Wikipedia entry to the gist of "Chris Benoit missed a match, because of his wife's death" 12 hours before the bodies were found makes this story potentially interesting to /.. That being said, at this point I have not heard anything that moves it into the "Why isn't it on /.?" category yet.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
  3. Re:Bump Key? by MyLongNickName · · Score: 0, Offtopic

    I didn't know my manager had a Slashdot account! Honest, I don't post here while I am on duty, boss!

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  4. Use virtual machines and snapshots? by TheLink · · Score: 0, Offtopic

    It's not 100%, but if your random number generator (not totally random) started with a random known seed, you might be able to recreate the event.

  5. crashme by harry666t · · Score: 0, Offtopic

    lol. Half an hour ago I ran crashme on my 2.6.18 debian box.

    And guess what? It crashed.