Software technology is growing day by day, and the risks that come with it are growing exponentially as well, so there is a need to think about the security of software. According to one survey report, a single security breach causes a loss of several thousands of dollars. To overcome these security risks there should be testing software that looks for vulnerabilities and reports them; one such technique is fuzz testing. Fuzz testing is a technique that feeds random data to a particular piece of software in order to discover that software's vulnerabilities. There are some specific rules for the input so that the test works as expected: the input code should be somewhat similar to valid code so that it passes the consistency checks, and it should also be varied enough to cause exceptional behaviour that leads to a crash of the interpreter. LangFuzz is a technique that follows the rules specified above.
, crossfuzz, ref fuzz, mangleme, canvas fuzzer and transfuzz. Looking at how LangFuzz works, it uses two approaches, a generative approach and a mutative approach. Though it is language independent, it has to follow some semantic rules of the target language in order to be implemented effectively. In code generation, the language grammar is used to generate code fragments; these fragments have to be adjusted to their environment so that no error is caused by the identifiers they contain. Code mutation has two phases: a learning phase, in which a set of files is processed with the help of a parser and the fragments belonging to each non-terminal are collected, which makes the aim of identifying bugs easier, and the main mutation phase, in which a particular file is processed several times by the parser. After this LangFuzz starts the implementation process; here the ANTLR framework is used to parse the input code. Next is code generation, in which a stepwise elaboration algorithm is used to produce code fragments, and these fragments are adjusted to the present environment.
Later, the names of identifiers are mapped: if an identifier maps one object onto another object, all the properties of the first object are transferred to the latter one. To run a mutation test, LangFuzz has to run the test within its proper test harness; for example, the Mozilla test suite provides one in a file named shell.
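The learning phase, the mutation phase and the identifier adjustment described above, as an added toy example in Python. This is not LangFuzz's own code (LangFuzz parses real JavaScript with ANTLR-generated parsers): a hand-written parser for a three-rule toy grammar stands in for the ANTLR parser, the corpus and target program are constructed, and the round-robin identifier mapping is a simplification assumed for illustration.

```python
"""Toy LangFuzz-style fragment mutator (constructed example, not LangFuzz's own code):
learn fragments from a corpus, splice one into a target, rename identifiers to fit."""
import random
import re

TOKEN_RE = re.compile(r"\d+|[A-Za-z_]\w*|\S")


def tokenize(src):
    """Split source into (kind, text) tokens for the toy grammar."""
    toks = []
    for t in TOKEN_RE.findall(src):
        kind = ("NUMBER" if t.isdigit() else "KEYWORD" if t == "var"
                else "IDENT" if t[0].isalpha() or t[0] == "_" else "SYM")
        toks.append((kind, t))
    return toks


class Parser:
    """Recursive descent for:  stmt := 'var' IDENT '=' expr ';'
    expr := term (('+'|'-') term)*   term := IDENT | NUMBER | '(' expr ')'
    Each derivation is recorded as (non-terminal, start, end): that span is a fragment."""

    def __init__(self, toks):
        self.toks, self.pos, self.spans = toks, 0, []
    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else ("EOF", "")
    def expect(self, kind, text=None):
        k, t = self.peek()
        if k != kind or (text is not None and t != text):
            raise SyntaxError(f"expected {text or kind} at token {self.pos}, got {t!r}")
        self.pos += 1
    def program(self):
        while self.peek()[0] != "EOF":
            self.stmt()
        return self.spans
    def stmt(self):
        start = self.pos
        for kind, text in (("KEYWORD", "var"), ("IDENT", None), ("SYM", "=")):
            self.expect(kind, text)
        self.expr()
        self.expect("SYM", ";")
        self.spans.append(("stmt", start, self.pos))
    def expr(self):
        start = self.pos
        self.term()
        while self.peek() in (("SYM", "+"), ("SYM", "-")):
            self.pos += 1
            self.term()
        self.spans.append(("expr", start, self.pos))
    def term(self):
        start = self.pos
        if self.peek()[0] in ("IDENT", "NUMBER"):
            self.pos += 1
        else:
            self.expect("SYM", "(")
            self.expr()
            self.expect("SYM", ")")
        self.spans.append(("term", start, self.pos))


def learn(corpus):
    """Learning phase: pool every fragment of every corpus file by non-terminal."""
    pool = {}
    for src in corpus:
        toks = tokenize(src)
        for nt, s, e in Parser(toks).program():
            pool.setdefault(nt, []).append(toks[s:e])
    return pool


def splice(toks, start, end, fragment):
    """Replace toks[start:end] with fragment; identifiers in the fragment are mapped (in
    order of first appearance, round-robin: an assumed simplification) onto identifiers
    seen in the target before the cut, so the mutant stays consistent."""
    known = sorted({t for k, t in toks[:start] if k == "IDENT"}) or ["x"]
    mapping, out = {}, []
    for k, t in fragment:
        if k == "IDENT":
            mapping.setdefault(t, known[len(mapping) % len(known)])
            t = mapping[t]
        out.append((k, t))
    return toks[:start] + out + toks[end:]


def mutate(target, pool, seed=0):
    """Mutation phase: pick a span of the target and a different pooled fragment of the
    same non-terminal, splice it in, and return the mutant as source text."""
    rng = random.Random(seed)
    toks = tokenize(target)
    nt, s, e = rng.choice(Parser(toks).program())
    candidates = [f for f in pool.get(nt, []) if f != toks[s:e]]
    if not candidates:
        return target
    return " ".join(t for _, t in splice(toks, s, e, rng.choice(candidates)))


CORPUS = ["var a = 1; var b = a + 2;", "var c = (3 - 1) + c; var d = c;"]  # constructed
TARGET = "var x = 5; var y = x + 1;"  # constructed
```

Calling `mutate(TARGET, learn(CORPUS), seed)` for a series of seeds yields mutants that still parse under the toy grammar and only reference names the target already declares; that consistency is the point of the identifier adjustment, since a fragment carrying unknown names would fail on a trivial reference error before it could exercise anything deeper in the interpreter.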
To determine the effectiveness of LangFuzz, three types of evaluation are done: 1. external validation, 2. internal validation and 3. field study. Here LangFuzz and jsfunfuzz are compared, with both tools run in the same environment, i.e. the same testing windows, the same time, and CPU and RAM distributed equally. Some of the defects found are common to both, so the two overlap, and effectiveness is calculated as the ratio of the defects found by LangFuzz to the defects found by jsfunfuzz. The comparison is done on Mozilla's TraceMonkey, because it is publicly available and the data provided by the Mozilla team can be used directly. In the testing, for example, a bug is introduced in a testing window, after a few minutes the bug is detected by jsfunfuzz and that bug is fixed at some stage; the process is repeated several times. In the external validation jsfunfuzz detected 23 defects, of which 15 were present in the testing window; LangFuzz detected 26 defects, of which 8 were present in the same testing window. It is clear that LangFuzz detected more defects outside the testing window. From these results (8 versus 15 defects inside the window) LangFuzz is 53% as effective as jsfunfuzz.
There is also the possibility that not all of the defects it identifies are real, and there may be some duplicates. To conclude, fuzz testing is a process that is very easy to implement and, if it is provided with a particular language and that language's semantic rules, it is very effective. Among such methods, LangFuzz is one that is easily adaptable. It identifies potential software vulnerabilities very quickly, and as it works very well in real-time implementations, several web browsers use this technique. It uses simple and small algorithms such as 'shortest terminal string', and once a test run is triggered there is no need for manual interaction: it automatically identifies the bugs and reports the defects.
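Stepwise elaboration with shortest-terminal-string completion, as referred to in the code-generation description above, as an added toy example in Python that is not LangFuzz's own code. The three-rule grammar, the expansion budget and the fixed identifier pool are constructed assumptions; the shortest-string table is computed by iterating to a fixed point so that recursive rules are handled.

```python
"""Toy LangFuzz-style code generation (constructed example, not LangFuzz's own code):
expand non-terminals at random for a fixed budget of steps, then close every
non-terminal that is still open with its shortest terminal string."""
import random

# Toy grammar (assumed): keys are non-terminals; IDENT and NUMBER are token classes
# filled in by render(); every other symbol is a literal terminal.
GRAMMAR = {
    "stmt": [["var", "IDENT", "=", "expr", ";"]],
    "expr": [["term"], ["term", "+", "expr"], ["term", "-", "expr"]],
    "term": [["IDENT"], ["NUMBER"], ["(", "expr", ")"]],
}


def shortest_lengths(grammar):
    """Length of the shortest terminal string derivable from each non-terminal,
    found by relaxing production costs until nothing changes (recursion-safe)."""
    best = {nt: float("inf") for nt in grammar}
    changed = True
    while changed:
        changed = False
        for nt, prods in grammar.items():
            for prod in prods:
                n = sum(best.get(sym, 1) for sym in prod)  # terminals cost 1
                if n < best[nt]:
                    best[nt], changed = n, True
    return best


def shortest_expansion(nt, grammar, best):
    """The production of nt that reaches a terminal string in the fewest tokens."""
    return min(grammar[nt], key=lambda p: sum(best.get(s, 1) for s in p))


def elaborate(start, grammar, rng, budget):
    """Stepwise elaboration: for `budget` steps replace the leftmost open non-terminal
    with a random production; afterwards use only shortest expansions, so the
    derivation always terminates instead of recursing without bound."""
    best = shortest_lengths(grammar)
    symbols, steps = [start], 0
    while True:
        open_at = [i for i, s in enumerate(symbols) if s in grammar]
        if not open_at:
            return symbols
        i = open_at[0]
        if steps < budget:
            prod, steps = rng.choice(grammar[symbols[i]]), steps + 1
        else:
            prod = shortest_expansion(symbols[i], grammar, best)
        symbols[i:i + 1] = prod


def render(symbols, rng, names=("a", "b")):
    """Turn token classes into concrete tokens; identifiers come from a small fixed
    pool (assumed) so the generated code only refers to names that can be declared."""
    out = []
    for s in symbols:
        if s == "IDENT":
            out.append(rng.choice(names))
        elif s == "NUMBER":
            out.append(str(rng.randrange(10)))
        else:
            out.append(s)
    return " ".join(out)


def generate(seed, budget=6):
    """Produce one generated statement for a given seed and expansion budget."""
    rng = random.Random(seed)
    return render(elaborate("stmt", GRAMMAR, rng, budget), rng)
```

With a budget of zero the result is the shortest statement the grammar allows; raising the budget lets the random phase build nested expressions, and the shortest-string phase then guarantees the derivation closes, which is what keeps generated fragments small enough to be spliced into an existing test.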