Perform fuzzing of different GPL or AGPL licensed codes written in different languages.
oscommerce GPL php
KonaKart LGPL java
zen cart GPL php
spree BSD ruby
Apache OFBiz Apache java
ce phoenix GPL php
I have to deliver a:
.zip or .tar.gz file containing the following files: -Written report in pdf format -Link to the analyzed source code -Scripts used for fuzzing (.sh or .bat)
The written report should include:
-Description of at least 3 vulnerabilities present in the source code.
-Name of software, version and operating system used for fuzzing.
-Results obtained from fuzzing.
It sounds harsh, but if you’re taking the course, you should be able to do it*. And, call me old-fashioned, but if you can’t, you shouldn’t pass the course.
( * unless you’ve got a terrible tutor, of course.)
So, lets start with the basics; cause if you cant answer these, you wont be able to do the work, and you shouldnt be able to do the work.
What is fuzzing? How do you do it?
What are you looking for when you do fuzzing? What would you expect to see/report on?
What environment will you be doing the fuzzing in?