Date Added: Aug 2010
Assessing software security involves steps such as code review, risk analysis, penetration testing and fuzzing. During the fuzzing phase, the testeras goal is to find flaws in software by sending unexpected input to the target application and monitoring its behavior. In this paper, the authors introduce the AutoFuzz - extendable, open source framework used for testing network protocol implementations. AutoFuzz is a "Smart", man-in-the-middle, semi-deterministic network protocol fuzzing framework. AutoFuzz learns a protocol implementation by constructing a Finite State Automaton (FSA) which captures the observed communications between a client and a server.