Microsoft Announces OneFuzz Framework
Written by Kay Ewbank   
Friday, 18 September 2020

Microsoft has announced Project OneFuzz framework, an open source developer tool to find and fix bugs at scale. The automated, open-source tool will replace the Microsoft Security and Risk Detection tool.

Project OneFuzz is an extensible fuzz testing framework for Azure that will be available through GitHub as an open-source tool. Microsoft developers in the Edge and Windows teams are already using the framework.

springfield

While fuzz testing is an effective method for finding and removing exploitable security flaws, it can be complicated to make use of and to extract information from. This has meant fuzz testing has been seen as requiring dedicated security engineering teams to build and operate. The aim is to let developers perform fuzz testing, so shifting the discovery of vulnerabilities to earlier in the development lifecycle.

Microsoft says that recent advancements in the compiler world, open-sourced in LLVM and pioneered by Google, have transformed the security engineering tasks involved in fuzz testing native code. 

Experimental support for fuzz testing techniques is being added to Visual Studio, and Microsoft says once the test binaries can be built by a compiler, today’s developers are left with the challenge of building them into a CI/CD pipeline and scaling fuzzing workloads in the cloud.

Project OneFuzz supports the creation of composable fuzzing workflows that can include other fuzzers and different instrumentation. It comes with built-in ensemble fuzzing where inputs of interest can be swapped between fuzzing technologies.

OneFuzz also provides flaw cases that always reproduce errors to assist with testing, along with on-demand live-debugging of found crashes. This means developers can summon a live debugging session on-demand or from their build system. The software can be used on Windows and Linux, running on your own OS build, kernel, or nested hypervisor.

springfield

More Information

OneFuzz On GitHub

Open Source Fuzzing Session At CppCon 2020

Related Articles

Google Launches Fuzzer Benchmarking Service

Microsoft Launches Cloud Fuzzing Service

New tool detects RegEx security weakness

Tactical Pentesting With Burp Suite

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

Banner


Imagine Cup Junior 2021 Underway
09/10/2020

Microsoft has announced the launch of Imagine Cup Junior AI for Good Challenge 2021. This is the second year the competition for secondary students has run, with last year's competition seeing entries [ ... ]



MDN Web Docs Call For Participation
27/10/2020

There's a new editorial strategy for MDN Web Docs and a radical platform change is on the cards. Meanwhile the call has gone our for the community to rally round and help out with day-to-day tasks on  [ ... ]


More News

square

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Friday, 18 September 2020 )