模糊测试技术研究

随着人们对软件安全问题关注度的不断提升,漏洞挖掘技术逐渐成为业内热点的研究内容.但传统的漏洞挖掘技术耗时长耗工大,更重要的是不能全面的探测出软件中的漏洞,因此一种简单高效的漏洞挖掘技术,即模糊测试技术,逐渐成为了研究者们关注的重点.本文首先重点介绍了模糊测试技术的相关理论知识及研究进展情况,并对比了传统漏洞挖掘技术与模糊测试技术进而说明模糊测试技术具有传统漏洞挖掘方法无可比拟的优势.之后,研究了目前模糊测试技术在各个领域内的应用情况,并比较了现有模糊测试工具的优缺点.最后列举出模糊测试技术的局限性,并阐述了模糊测试技术未来的发展方向.

The research progress of fuzz testing technology

With the improving of the people attention to software security problem, vulnerability detecting technology gradually become the focus of the research content now. But the traditional vulnerability discovery technology costs long time and need large manpower, and what is more important is that the traditional discovery technology cannot detect the loopholes in the software comprehensively, so a simple and efficient mining technology, namely fuzzing, gradually attract the researchers＇ attention. This article first introduces the development course of fuzzing and related theory knowledge, and then compares the traditional vulnerability mining technology with fuzzing, which can shows that the fuzzing have the incomparable advantages which traditional hole digging method does not have, and studies the fuzzing in all fields of application, as well as the advantages and disadvantages of the fuzzers, at last enumerates the fuzzing＇s limitations of testing technology, and expounds the fuzzing＇s development direction in the future.