CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs)

Figure 3: The flow of fuzzing. [9]

modifying the samples either randomly or based on the sample structure [11]. In generation-based fuzzing, the process of data element identification is automated by using protocol models [11].

Specification-based Fuzzing

Specification-based fuzzing is a form of generation-based fuzzing which uses protocol and file format specifications to provide the fuzzer with protocol- or file-format-specific information, e.g., on the boundary limits of the data elements [11]. Specification-based test generation achieves excellent coverage when testing the protocol features included in the specification. However, new features and proprietary features not included in the specification are not covered [12]. If no specification is available, the best fuzzing results can be achieved with mutation-based fuzzers [12]. Generation-based testing can also be complemented with longer mutation-based fuzzing test runs, since some vulnerabilities might only be triggered through more aggressive input space testing [12]. Thus, the best test results are achieved by combining testing techniques.
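The contrast between the two techniques, as an added example that is not part of the whitepaper: a toy length-prefixed message format (constructed for this example) with a deliberately fragile parser, a generation-based fuzzer driven by a model of that format's fields and their boundary values, and a mutation-based fuzzer driven by one valid sample. The format, the sample and all function names are assumptions made here.

```python
import random

# Constructed toy protocol (an assumption for this example, not from the paper):
# 1-byte type | 2-byte big-endian length | payload; type 2 carries a 4-byte session id.
SAMPLE = b"\x02\x00\x04ABCD"  # one valid, constructed message

def parse_message(data: bytes) -> dict:
    """Target under test: a deliberately fragile parser for the toy format."""
    if len(data) < 3:
        raise ValueError("short header")       # intended rejection path
    mtype, length = data[0], int.from_bytes(data[1:3], "big")
    payload = data[3:3 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")  # intended rejection path
    if mtype != 2:
        return {"type": mtype, "payload": payload}
    # Bug: assumes a type-2 payload always holds 4 bytes and never checks.
    sid = payload[0] << 24 | payload[1] << 16 | payload[2] << 8 | payload[3]
    return {"type": mtype, "session_id": sid}

def spec_cases() -> list:
    """Generation-based: derive inputs from the format model, probing field boundaries."""
    return [bytes([t]) + n.to_bytes(2, "big") + b"A" * min(n, 8)  # body/header mismatch when large
            for t in (0, 1, 2, 255) for n in (0, 1, 3, 4, 5, 0xFFFF)]

def mutation_cases(sample: bytes, count: int, seed: int = 1) -> list:
    """Mutation-based: randomly alter bytes of a valid sample; needs no specification."""
    rng = random.Random(seed)
    cases = []
    for _ in range(count):
        buf = bytearray(sample)
        for _ in range(rng.randint(1, 3)):
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        cases.append(bytes(buf))
    return cases

def run_fuzz(cases) -> dict:
    """ValueError is the parser's intended rejection; anything else is a finding."""
    findings = {}
    for case in cases:
        try:
            parse_message(case)
        except ValueError:
            continue
        except Exception as exc:
            findings.setdefault(type(exc).__name__, case)  # keep first input per crash type
    return findings
```

The model-driven cases reach the bug with 24 inputs because the length field's boundary values are probed directly; the mutation run has to hit the same combination by chance, which is why the paper suggests longer mutation runs as a complement rather than a replacement.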
Abuse Situation Awareness

Human error is frequently cited as the main cause of security breaches [13]. Endsley argues that the term "human error" is misleading, because it implies that the problems are caused by careless, poorly trained employees, when in most cases the real problem is inadequate situation awareness [14]. Security personnel operate in highly complex networks and handle vast amounts of information [14]. The problem is not that they do not know the correct way to react to incidents; finding and identifying security incidents in the flood of network information is very difficult [14].