Solving real world security problems hacking and protection

Abstract

Penetration testing of programs is very important in cyber security as security vulnerabilities usually occur as a result of slight programming errors. One such method is fuzzing. There is large number of fuzzing tools that are currently available, and multiple improvements have also been made to current fuzzing techniques. The primary fuzzing tool used is the American Fuzzy Lop (AFL). This project tests programs for possible security vulnerabilities and intends to develop an improved version of the AFL. During the testing phase, target programs were initially chosen based on ease of fuzzing in order to understand how fuzzing is done. Upon understanding how the tool is used, commonly used libraries and programs were randomly chosen as the target program for fuzzing. During the development of the new fuzzing program, the Fuzzing Orchestration Tool (FOT), other programs like Django, python and Hypertext Markup Language (HTML) have been adopted in the development of the user interface. The user interface is made to ensure that information displayed are clear, concise and easily understandable. Graphs are also available to show the overall performance of the fuzzing tool, and only important information will be displayed. Further studies can also be conducted in the future to explore the implementation of other algorithms used by the different fuzzers into the FOT. Additional research can also be carried out on other fuzzing tools as the mutation algorithms used by the individual fuzzers work differently, and may hence produce different results.