Consider an integer in a program that stores the result of a user's choice between 3 questions. When the user picks one, the choice will be 0, 1 or 2, which makes three practical cases. But what if we transmit 3 or 255? If the default switch case hasn't been implemented securely, the program may crash and lead to classic security issues: exploitable buffer overflow, DoS, etc.
Fuzzing is the art of automatically finding vulnerabilities by providing malformed or semi-malformed data as input to the program.
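
The choice handler described above takes a single byte, so every possible input can be tried. The C code below is an added example, not part of the original text: the handler names and answer strings are hypothetical, and a NULL result stands in for the crash a caller would hit when it uses the string.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical handler with no default case: any choice outside 0..2
 * leaves the answer pointer NULL, which a caller would then dereference. */
static const char *pick_unchecked(unsigned char choice) {
    const char *answer = NULL;
    switch (choice) {
    case 0: answer = "first";  break;
    case 1: answer = "second"; break;
    case 2: answer = "third";  break;
    }
    return answer;
}

/* Same handler with a default case that maps bad input to a safe value. */
static const char *pick_checked(unsigned char choice) {
    switch (choice) {
    case 0: return "first";
    case 1: return "second";
    case 2: return "third";
    default: return "invalid choice";
    }
}

typedef const char *(*handler_fn)(unsigned char);

/* Exhaustive fuzz loop: feed every byte value to the handler and count the
 * inputs that would crash a caller; *first_bad gets the first one (-1 if none). */
static int fuzz_handler(handler_fn handler, int *first_bad) {
    int failures = 0;
    *first_bad = -1;
    for (int value = 0; value <= 255; value++) {
        if (handler((unsigned char)value) == NULL) {
            if (*first_bad < 0) *first_bad = value;
            failures++;
        }
    }
    return failures;
}

int main(void) {
    int bad;
    int n = fuzz_handler(pick_unchecked, &bad);
    printf("unchecked: %d failing inputs, first = %d\n", n, bad);
    n = fuzz_handler(pick_checked, &bad);
    printf("checked:   %d failing inputs, first = %d\n", n, bad);
    return 0;
}
```
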
In the training I will explain how to apply this technique in practice, what preparations are required before starting, and show frameworks that help to automate this process.