Microsoft this week announced the release of Project OneFuzz, an open-source fuzzing framework for its cloud computing service Azure. The IT giant previously used the project to find vulnerabilities in the popular service.
“Today, we’re excited to release this new tool called Project OneFuzz, an extensible fuzz testing framework for Azure. Available through GitHub as an open-source tool, the testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world.” reads Microsoft’s announcement.
Fuzzing is an automated software testing technique that provides invalid, unexpected, or random data as input to a target application to see whether exceptions occur (such as crashes, failing built-in code assertions, or memory leaks).
The company has also used Project OneFuzz internally to find vulnerabilities in Windows, Edge and other products.
“Microsoft’s goal of enabling developers to easily and continuously fuzz test their code prior to release is core to our mission of empowerment.” continues the announcement. “The global release of Project OneFuzz is intended to help harden the platforms and tools that power our daily work and personal lives to make an attacker’s job more difficult.”
The fuzzer can test programs on both Windows and Linux operating systems. It implements triage and result deduplication features, and it allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs. Microsoft also added that users can summon live debugging sessions in case of crashes.
Microsoft open-sourced the project to invite contributions from the community and improve the framework.
“Project OneFuzz is available now on GitHub under an MIT license. It is updated by contributions from Microsoft Research & Security Groups across Windows and by more teams as we grow our partnership and expand fuzzing coverage across the company to continuously improve the security of all Microsoft platforms and products.” the company concludes. “Microsoft will continue to maintain and expand Project OneFuzz, releasing updates to the open-source community as they occur.”
(SecurityAffairs – hacking, fuzzing)