| With the great development of software products and Internet, the security of product and network become more and more important. Software security testing is becoming more and more pressing. The mining method for Oday includes source code audit, binary audit, Fuzz testing, and so on. Fuzz testing is frequently used in general industry, which is a safety testing and one of the main security testing used in the software product security and network security.Firstly, this paper introduced the basic method of software testing, including Black-box case test analysis of the boundary value method, equivalence class method, and common method of network security vulnerabilities, such as Web security vulnerability detection, SQL injection, buffer overflow. Some cases designed on the boundary value method, equivalence class allocation.Secondly, Fuzz testing highlighted the main technical and testing tools. Fuzz test cases described and random number generation process is in detail, and the first experiment used Fuzz ActiveX tool named COMRaider to test mps.dll file by the function of OnBeforeVideoDownload to detect vulnerability, using the disassembly tool of OllyDbg and IDA pro to debug, compiling the code of testing. The second experiment used FileFuzz to detect vulnerbility of MediaPlay. When had finished, there was a vulnerability to exploit.The method of using COMRaider and FileFuzz designed in this thesis to exploit vulnerabilities, to a certain extent, helping to detect more and more secure vulnerabilities, They might be used as the reference of detecting more advanced secure vulnerabilities. |
PDF Full Text Request