Fuzzing Janus for Fun and Profit

Fuzzing is an automated software testing technique that looks for vulnerabilities by causing crashes through the introduction of invalid, unexpected, or random data as program inputs. It is used to improve both the robustness and the security of software. In this paper we apply fuzzing to test the behavior of the Janus WebRTC media server. We describe how we used fuzz testing to fix a few important issues that had been discovered in our software. We also discuss how we leveraged the gained experience in order to build an automated process helping us mitigate the appearance of this kind of issues in the future releases of our server.