Home
Consulting
Advisories
Software
Articles
Contact

Fuzzer Develoment and Deployment Services

Our fuzzers find critical vulnerabilities that others miss. They have found vulnerabilities in a multitude of widely deploy targets such as Java and Python.

Fuzzing: Is it Needed?

Assessing the attack surface of an application to determine whether fuzzing is necessary is a task that requires a great deal of expertise and experience. For some software projects, fuzzing is not needed. In others, it is critical to verifying correctness and security in a timely and sustained fashion.

Generally, fuzzing is used to test native applications that accept untrusted input in some form, whether it be from a file, network connection, or another source. Fuzzing is used less often against managed and scripted software, but still finds use in some domains such as web applications.

For a free assessment to determine if your software project exposes attack surface that may benefit from fuzzing, contact us.

Dumb Fuzzing vs Smart Fuzzing

For most attack surfaces, so-called "dumb" fuzzers serve as an adequate initial solution. Little if any custom development is needed in most cases, and proven general purpose fuzzers can be used. General purpose fuzzers tend to perform well against targets such as simple binary file formats, but coverage may be limited when used against more advanced attack surfaces.

Configuring and running a fuzzer for the first time can be challenging, and with more complex targets it can be difficult to determine if the fuzzer is achieving any coverage at all. Of course, once the initial hurdles have been overcome, the automation can be run with minimal effort. We can help get you started with fuzzing.

Custom Smart Fuzzer Development

We have a proprietary fuzzer development toolchain designed to construct highly effective generational and mutational hybrid fuzzers. Fuzzers designed to target a specific attack surface (generally referred to as "smart fuzzers") achieve a much higher degree of code coverage than their standard counterparts, and provide an edge in the discovery of critical security vulnerabilities. Our fuzzers have a history of finding long standing vulnerabilities in high profile software, such as Python and PHP.

We are experts at developing many classes of fuzzers, including but not limited to:

Contact us if you are interested in discussing requirements for custom fuzzer development.

If you need assistance setting up or otherwise running a fuzzer against a target application, we can provide support for our end-to-end fuzzing harness, Birch. Birch automatically handles debugging, process management, exception management, UI automation, and many other tasks critical to effective fuzzing.

Contact Us

Want to talk fuzzing? Get in touch.


Submit







Copyright © 2018 AutoSec Tools LLC