I want to test a specific device connected to different networks using fuzzing. For each network interface, there are different services listening using different protocols, with open specifications.
As I cannot fuzz every network interface using every protocol, I want to find criteria to choose the protocol that either
1. has the highest probability of finding vulnerabilities, or
2. will be the easiest to reach a high code coverage with.
For 2. I thought about e.g. message size, as the shorter the message, the more messages I can test in a reasonable time, but do you know other criteria or scientific research on this topic?
Thank you for helping.