Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: School project start: a fuzzer

From: Adrien Krunch Kunysz <adrien () kunysz be>
Date: Fri, 8 May 2009 19:42:55 +0100
On Fri, May 08, 2009 at 11:11:29AM +0200, Martin Zember wrote:

We have a lot of time (9 months, 5 people, 1day per week), but not more, so it
is not a good ground for research. The project should be implemented,
documented, finished, presented. The question is, how deep can we go (what to
promise in the specification)? My guess is that detecting success during
fuzzing only when application crashes is too lame. "Feedback fuzzing" is maybe
too complicated. What is realistic?


If you don't have that much experience with managing software projects,
a "simple" fuzzer with all the required flexibility to make it adaptable
to real software seems like a good project that can keep five students
busy for 9*4 = 36 days. However I see this more like an interface design
challenge (how do you make it flexible enough to adapt to most targets
while keeping it easy enough to configure?) than a coding challenge.


Even though it would be nice, we did not find a paid project, which is
interesting enough. We are not obliged to do a fuzzer so other suggestions or
warnings are welcome.


Somewhat related to security, back when I had to find project for a
compiler course at the uni I had this idea to write a pf to iptables
converter. We went with another idea in the end but this may be
interesting to you if that's the sort of thing you are into. I thing
this project can be especially interesting for a uni course considering
you can easily reduce/expand it by choosing to implement more or less
of the iptables/pf options/syntax.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: