Fuzzing is an excellent technique for locating vulnerabilities in software. The basic premise is to deliver intentionally malformed input to target software and detect failure. A complete fuzzer has three components:
- A poet creates the malformed inputs or test cases.
- A courier delivers test cases to the target software.
- Finally, an oracle detects target failures.
The techniques chosen for each component have a significant effect on fuzzing effectiveness. For the most part, the poet is more effective when it is able to create test cases that are almost correct, but anomalous in some way. Different oracle techniques provide varying levels of failure detection capability, and multiple oracle techniques can be used together to help detect the maximum number of failures. In this white paper, we explain how the poet, the courier, and the oracle can work together.
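The three components working together, as an added example that is not from the white paper: a mutation-based poet that keeps test cases almost correct, an in-process courier, and two oracles combined (a crash oracle and a round-trip invariant oracle), run against a constructed toy record parser whose deliberate bug is trusting a length field. All names, the record format and the seed input are assumptions made for this illustration.

```python
import random

# Constructed toy target: parses records "key=<len>:<value>;". ValueError is its intended
# rejection of bad input, but it trusts <len> (the bug), so any other exception is a crash.
def target_parse(data: bytes) -> dict:
    out, pos = {}, 0
    while pos < len(data):
        eq = data.index(b"=", pos)                  # ValueError if absent: intended
        colon = data.index(b":", eq)
        length = int(data[eq + 1:colon])            # ValueError if not numeric: intended
        start = colon + 1
        data[start + length]                        # BUG: IndexError when <len> overshoots
        if length < 0 or data[start + length:start + length + 1] != b";":
            raise ValueError("bad length or missing terminator")
        out[data[pos:eq]] = data[start:start + length]
        pos = start + length + 1
    return out
def poet(seed: bytes, rng: random.Random) -> bytes:
    """Almost-correct case: one to three small mutations of a valid seed."""
    case = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        i, op = rng.randrange(len(case)), rng.choice(("flip", "delete", "insert"))
        if op == "flip":
            case[i] ^= 1 << rng.randrange(8)
        elif op == "delete" and len(case) > 1:
            del case[i]
        else:                                       # a special byte or one of the case's own
            case.insert(i, rng.choice(b"0 ;:=" + bytes(case)))
    return bytes(case)
def courier(target, case: bytes):                   # in-process; real couriers use a process or socket
    try:
        return target(case), None
    except Exception as exc:
        return None, exc
def crash_oracle(case, result, exc):
    """Any exception other than the parser's intended rejection is a crash."""
    return None if exc is None or isinstance(exc, ValueError) else f"crash: {type(exc).__name__}"
def invariant_oracle(case, result, exc):
    """Accepted input must re-serialise byte-for-byte; catches lenient parsing."""
    if exc is not None:
        return None
    canon = b"".join(k + b"=%d:" % len(v) + v + b";" for k, v in result.items())
    return None if canon == case else "accepted non-canonical input"
def fuzz(seed: bytes, target, oracles, iterations: int, rng_seed: int = 1):
    rng, findings = random.Random(rng_seed), []
    for _ in range(iterations):
        case = poet(seed, rng)
        result, exc = courier(target, case)
        findings += [(v, case) for v in (o(case, result, exc) for o in oracles) if v]
    return findings
```

Running `fuzz(b"user=5:alice;role=5:admin;", target_parse, (crash_oracle, invariant_oracle), 500)` returns the cases each oracle flagged; the crash oracle alone would miss inputs such as `role=05:admin;`, which the parser accepts even though they do not round-trip.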