The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input.
At the CERT/CC, we have used the FOE infrastructure to find a number of critical vulnerabilities in products such as Adobe Reader, Flash Player, and Shockwave player; Microsoft Office and Windows; Google Chrome; Oracle Outside In; Autonomy Keyview IDOL; Apple QuickTime; and many others. See Public Vulnerabilities Discovered Using FOE.
Source Code
Source code for BFF and FOE can be found at https://github.com/CERTCC-Vulnerability-Analysis/certfuzz.
Issues can be reported at https://github.com/CERTCC-Vulnerability-Analysis/certfuzz/issues.
More information about FOE
Download FOE
Note: This software package contains both the source code for the distribution and a binary installer package for Windows. The installer package will attempt to install FOE and its dependent software packages on the system.
Warning: If you wish to evaluate the binary installer, it is highly advisable to do so on a non-enterprise system devoted solely to testing.
Tip: An ISO image is also available for convenient use within a Windows virtual machine instance.
Other Links
- CERT Basic Fuzzing Framework BFF - GitHub
- Failure Observation Engine (FOE) tutorial - YouTube
- [PDF] Fuzz Testing for Dummies - fuzzing.info
- Let's Fuzz: IrfanView | SingleHop
- New CERT Tools Help Developers Find Vulnerabilities | SecurityWeek.Com
- A Basic Distributed Fuzzing Framework for FOE - Adobe Blogs