Do I Need to Fuzz For the SDL?
Black box fuzz testing is a requirement of the Verification phase of the SDL, the industry-leading software security assurance process that was created by Microsoft and proven effective since 2004. Given diligent application of required security activities in the Design and Implementation phases, fuzzing done at the Verification phase confirms that […]
Read More… from BeSTORM: Fuzzing and the Microsoft Security Development Lifecycle (SDL)
Hackers vs. Applications
A homeowner thinks to secure himself using a lock that can only be opened with the correct key. The burglar may ignore the complexities of lock-picking and try to slide a flexible plastic sheet through the gap between the door and the door jamb to push the catch back. In other words, […]
Read More… from Buffer Overflows Discovery with Fuzzing
Why is Software Testing Important for Aviation?
Software for aircraft systems, from navigation to the entertainment system, must be proven to be free of unwanted reaction to every possible input, whether predicted by the designers or not. Safe operation of an aircraft depends upon every component being able to operate not only when receiving expected […]
Read More… from Dynamic Aviation Software Testing
Fuzzing as a fundamental software security test
The goal of fuzzing is to perform an exhaustive analysis and uncover new and unknown vulnerabilities in applications, files and hardware. True fuzzing does not work from a pre-designed set of test cases, look for certain attack signatures or attempt to locate known vulnerabilities in products. Fuzzing is […]
Read More… from Fuzzing in the Enterprise
What is Fuzzing in Cybersecurity?
Unlike most dynamic application security testing tools, black box fuzzers do not look for certain attack signatures or attempt to locate known vulnerabilities in products, but rather deliver the widest possible range of unexpected input in order to uncover new and unknown vulnerabilities in network products. When you need more than vulnerability management […]
Read More… from Fuzzing in Cybersecurity Guide
Never-ending Vulnerabilities
The digital age has opened the door for a seemingly endless number of cybersecurity vulnerabilities. In order to keep track, the Open Web Application Security Project® (OWASP) provides a top 10 list of known and newly discovered vulnerabilities. Focused on software security, OWASP is an online community that provides documentation and other reference tools […]
Read More… from Top Web Application Vulnerabilities