CERT Releases Basic Fuzzing Framework
infoLaw passes along this excerpt from Threatpost: "Carnegie Mellon University's Computer Emergency Response Team has released a new fuzzing framework to help identify and eliminate security vulnerabilities from software products. The Basic Fuzzing Framework (BFF) is described as a simplified version of automated dumb fuzzing. It includes a Linux virtual machine that has been optimized for fuzz testing and a set of scripts to implement a software test."
Fuzzing is only useful, if only moderately so (Score:1, Insightful)
Anything that you write that uses a regex you should beat on with some fuzzing logic, since they can tend to increase in computational time non-linearly, and next thing you know you got a DoS on your hands.
TIP OF THE DAY for you FROM ME
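As an added illustration of the regex point in the comment above (not code from the thread or from CERT's BFF), this Python sketch generates short repetitive inputs for a pattern and flags it when match time grows far faster than input length. The function names, the sample patterns, the sizes and the threshold are assumptions chosen for the example, and the inputs are enumerated rather than drawn at random so the result is reproducible.

```python
import itertools
import re
import time

def match_time(regex, text, repeats=3):
    """Best-of-N wall-clock time for one match attempt, in seconds."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        regex.match(text)
        best = min(best, time.perf_counter() - start)
    return best

def candidates(alphabet, max_unit=2):
    """Yield (repeat_unit, suffix) pairs built from a small alphabet."""
    for size in range(1, max_unit + 1):
        for unit in itertools.product(alphabet, repeat=size):
            for suffix in alphabet:
                yield "".join(unit), suffix

def worst_growth(pattern, alphabet, small=8, large=18):
    """Return (ratio, unit, suffix) for the input family whose match time
    grows most between total length `small` and total length `large`."""
    regex = re.compile(pattern)
    worst = (0.0, "", "")
    for unit, suffix in candidates(alphabet):
        def build(n):
            # Repeat the unit, cut to n characters, then add one trailing char.
            return (unit * n)[:n] + suffix
        t_small = match_time(regex, build(small))
        t_large = match_time(regex, build(large))
        # Floor the denominator so timer noise on tiny inputs cannot inflate it.
        ratio = t_large / max(t_small, 1e-6)
        if ratio > worst[0]:
            worst = (ratio, unit, suffix)
    return worst

def is_suspect(pattern, alphabet="ab", threshold=50.0):
    """True when 10 extra input characters cost more than `threshold`x time."""
    return worst_growth(pattern, alphabet)[0] > threshold

if __name__ == "__main__":
    # Constructed sample patterns: nested quantifier vs. its linear rewrite.
    for pat in (r"^(a+)+$", r"^a+$"):
        ratio, unit, suffix = worst_growth(pat, "ab")
        print(f"{pat!r}: x{ratio:.0f} on unit={unit!r} suffix={suffix!r}")
```

Run in CI against each pattern an application accepts input through; a flagged pattern is a candidate for rewriting without nested quantifiers or for an input-length limit.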
Re:bleh (Score:3, Insightful)
BFF? (Score:3, Insightful)
Re:bleh (Score:3, Insightful)
If there is one place I've seen worse code than OSS, it would be in academia.
Bizarrely, this is also where I've seen the most brilliant code.
If you look closely, you'll find that the "brilliant code" is most often written by academics who have industry programming experience. Similarly, in industry, you will find that the best code is written by experienced programmers with rigorous academic backgrounds. In contrast, the academics who insist that computer science has nothing to do with programming, and the self-taught hackers who proudly proclaim their lack of all that fancy book-larnin', are two sides of the same worthless coin.
Re:axfuzz (Score:3, Insightful)
I think the fact they are using a modified form means they did judge you, and found it good enough to use as a start. That should count for something.