White-box Fuzzing
Publish date: 2016-12-20
Report number: FOI-R--4329--SE
Pages: 31
Written in: Swedish
Keywords:
- Security testing
- fuzzing
- white-box fuzzing
- automated program analysis
Abstract
A third of the security vulnerabilities discovered in Windows 7 has been discovered using white-box fuzzing, a technique for generating security tests by means of automated program analysis. This report introduces white-box fuzzing. The report relates white-box fuzzing to black-box fuzzing and other forms of automated security testing, and presents a selection of white-box fuzzing tools, including IntelliTest in Visual Studio 2015. The report concludes with a study of a professional software developer assisted by IntelliTest.