Google ships open-source security fuzzer

Summary:Google's security team has released a fuzz testing tool that was used internally to find multiple vulnerabilities in Internet-critical software products.

Google ships open-source security fuzzer
Google's security team has released a fuzz testing tool that was used internally to find multiple vulnerabilities in Internet-critical software products.

The fuzzer, called Flayer, is an analysis and flow alteration tool that has been used to find errors in real software. In the past year, results from Flayer has led to the discovery of security holes in several open-source products, including OpenSSH, OpenSSL, LibTIFF and libPNG.

[ SEE: Google’s anti-malware team comes out of the shadows ]

This tool, publicly available under the GPL, was discussed by Google's Will Drewry at the WOOT '07 conference and on the company's security blog:

Fuzz testers, or fuzzers, are used during pen tests to pinpoint security vulnerabilities by sending random input to an application. If the program contains a vulnerability that leads to an exception, crash or server error, researchers can parse the results of the test to pinpoint the cause of the crash.

ALSO SEE: Microsoft security guru: Get fuzzing

Topics: Security, Google, Open Source

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.