Fuzzing: Brute Force Vulnerability Discovery
July 2007
Publisher: Addison-Wesley Professional
ISBN: 978-0-321-44611-4
Published: 01 July 2007
Abstract

FUZZING

Master One of Today's Most Powerful Techniques for Revealing Security Flaws!

Fuzzing has evolved into one of today's most effective approaches to test software security. To “fuzz,” you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:

  • Why fuzzing simplifies test design and catches flaws other methods miss
  • The fuzzing process: from identifying inputs to assessing “exploitability”
  • Understanding the requirements for effective fuzzing
  • Comparing mutation-based and generation-based fuzzers
  • Using and automating environment variable and argument fuzzing
  • Mastering in-memory fuzzing techniques
  • Constructing custom fuzzing frameworks and tools
  • Implementing intelligent fault detection

Attackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.

Foreword
Preface
Acknowledgments
About the Author

PART I. BACKGROUND
Chapter 1. Vulnerability Discovery Methodologies
Chapter 2. What Is Fuzzing?
Chapter 3. Fuzzing Methods and Fuzzer Types
Chapter 4. Data Representation and Analysis
Chapter 5. Requirements for Effective Fuzzing

PART II. TARGETS AND AUTOMATION
Chapter 6. Automation and Data Generation
Chapter 7. Environment Variable and Argument Fuzzing
Chapter 8. Environment Variable and Argument Fuzzing: Automation
Chapter 9. Web Application and Server Fuzzing
Chapter 10. Web Application and Server Fuzzing: Automation
Chapter 11. File Format Fuzzing
Chapter 12. File Format Fuzzing: Automation on UNIX
Chapter 13. File Format Fuzzing: Automation on Windows
Chapter 14. Network Protocol Fuzzing
Chapter 15. Network Protocol Fuzzing: Automation on UNIX
Chapter 16. Network Protocol Fuzzing: Automation on Windows
Chapter 17. Web Browser Fuzzing
Chapter 18. Web Browser Fuzzing: Automation
Chapter 19. In-Memory Fuzzing
Chapter 20. In-Memory Fuzzing: Automation

PART III. ADVANCED FUZZING TECHNOLOGIES
Chapter 21. Fuzzing Frameworks
Chapter 22. Automated Protocol Dissection
Chapter 23. Fuzzer Tracking
Chapter 24. Intelligent Fault Detection

PART IV. LOOKING FORWARD
Chapter 25. Lessons Learned
Chapter 26. Looking Forward

Index

Cited By

  1. ACM
    Meel K, Chakraborty S and Mathur U (2024). A faster FPRAS for #NFA, Proceedings of the ACM on Management of Data, 2:2, (1-22), Online publication date: 10-May-2024.
  2. ACM
    Xia C, Paltenghi M, Le Tian J, Pradel M and Zhang L Fuzz4All: Universal Fuzzing with Large Language Models Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, (1-13)
  3. Zhao X, Qu H, Xu J, Li X, Lv W and Wang G (2024). A systematic review of fuzzing, Soft Computing - A Fusion of Foundations, Methodologies and Applications, 28:6, (5493-5522), Online publication date: 1-Mar-2024.
  4. ACM
    Liu J, Huang Y, Wang Z, Ma L, Fang C, Gu M, Zhang X and Chen Z (2023). Generation-based Differential Fuzzing for Deep Learning Libraries, ACM Transactions on Software Engineering and Methodology, 33:2, (1-28), Online publication date: 29-Feb-2024.
  5. ACM
    Deng Y, Xia C, Yang C, Zhang S, Yang S and Zhang L Large Language Models are Edge-Case Generators: Crafting Unusual Programs for Fuzzing Deep Learning Libraries Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, (1-13)
  6. ACM
    Yang S, Xu Z, Xiao Y, Lang Z, Tang W, Liu Y, Shi Z, Li H and Sun L (2023). Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis, ACM Transactions on Software Engineering and Methodology, 32:6, (1-29), Online publication date: 30-Nov-2023.
  7. Marchetto A A Rapid Review on Fuzz Security Testing for Software Protocol Implementations Testing Software and Systems, (3-20)
  8. Wen H and Lin Z Egg hunt in Tesla infotainment Proceedings of the 32nd USENIX Conference on Security Symposium, (3997-4014)
  9. Zhang C, Liu B, Xin Y and Yao L (2023). CPVD: Cross Project Vulnerability Detection Based on Graph Attention Network and Domain Adaptation, IEEE Transactions on Software Engineering, 49:8, (4152-4168), Online publication date: 1-Aug-2023.
  10. Chimuco F, Sequeiros J, Lopes C, Simões T, Freire M and Inácio P (2023). Secure cloud-based mobile apps: attack taxonomy, requirements, mechanisms, tests and automation, International Journal of Information Security, 22:4, (833-867), Online publication date: 1-Aug-2023.
  11. ACM
    Deng Y, Xia C, Peng H, Yang C and Zhang L Large Language Models Are Zero-Shot Fuzzers: Fuzzing Deep-Learning Libraries via Large Language Models Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, (423-435)
  12. Bousy I, Barr E and Clark D (2023). PopArt: Ranked Testing Efficiency, IEEE Transactions on Software Engineering, 49:4, (2221-2238), Online publication date: 1-Apr-2023.
  13. Zhong Z, Kaiser G and Ray B (2023). Neural Network Guided Evolutionary Fuzzing for Finding Traffic Violations of Autonomous Vehicles, IEEE Transactions on Software Engineering, 49:4, (1860-1875), Online publication date: 1-Apr-2023.
  14. ACM
    Ren M, Ren X, Feng H, Ming J and Lei Y (2022). Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing, Digital Threats: Research and Practice, 4:1, (1-24), Online publication date: 31-Mar-2023.
  15. Kaloudi N and Li J (2023). AST-SafeSec: Adaptive Stress Testing for Safety and Security Co-Analysis of Cyber-Physical Systems, IEEE Transactions on Information Forensics and Security, 18, (5567-5579), Online publication date: 1-Jan-2023.
  16. Sawadogo A, Bissyandé T, Moha N, Allix K, Klein J, Li L and Le Traon Y (2022). SSPCatcher: Learning to catch security patches, Empirical Software Engineering, 27:6, Online publication date: 1-Nov-2022.
  17. Li X, Liu X, Chen L, Prajapati R and Wu D FuzzBoost: Reinforcement Compiler Fuzzing Information and Communications Security, (359-375)
  18. ACM
    Liu Y, Li Y, Deng G, Liu Y, Wan R, Wu R, Ji D, Xu S and Bao M Morest Proceedings of the 44th International Conference on Software Engineering, (1406-1417)
  19. Candea G and Godefroid P Automated Software Test Generation: Some Challenges, Solutions, and Recent Advances Computing and Software Science, (505-531)
  20. Wu B, Zou F and Yan X (2022). Code Vulnerability Detection Based on Deep Sequence and Graph Models, Security and Communication Networks, 2022, Online publication date: 1-Jan-2022.
  21. Grusho A, Grusho N, Zabezhailo M and Timonina E (2021). Localization of the Root Cause of the Anomaly, Automatic Control and Computer Sciences, 55:8, (978-983), Online publication date: 1-Dec-2021.
  22. Scott J, Sudula T, Rehman H, Mora F and Ganesh V BanditFuzz: Fuzzing SMT Solvers with Multi-agent Reinforcement Learning Formal Methods, (103-121)
  23. Cao Y, Zheng Y, Lin S, Liu Y, Teo Y, Toh Y and Adiga V Automatic HMI structure exploration via curiosity-based reinforcement learning Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, (1151-1155)
  24. ACM
    Ge X, Niu B, Brotzman R, Chen Y, Han H, Godefroid P and Cui W HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, (366-378)
  25. ACM
    Deng G, Zhou Y, Xu Y, Zhang T and Liu Y An Investigation of Byzantine Threats in Multi-Robot Systems Proceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses, (17-32)
  26. Lin G, Xiao W, Zhang L, Gao S, Tai Y and Zhang J (2021). Deep neural-based vulnerability discovery demystified: data, model and performance, Neural Computing and Applications, 33:20, (13287-13300), Online publication date: 1-Oct-2021.
  27. Lin G, Zhang J, Luo W, Pan L, De Vel O, Montague P and Xiang Y (2021). Software Vulnerability Discovery via Learning Multi-Domain Knowledge Bases, IEEE Transactions on Dependable and Secure Computing, 18:5, (2469-2485), Online publication date: 1-Sep-2021.
  28. Ma S, Li J, Kim H, Bertino E, Nepal S, Ostry D and Sun C Fine with "1234"? Proceedings of the 43rd International Conference on Software Engineering, (1671-1682)
  29. Zakeri Nasrabadi M, Parsa S and Kalaee A (2021). Format-aware learn&fuzz: deep test data generation for efficient fuzzing, Neural Computing and Applications, 33:5, (1497-1513), Online publication date: 1-Mar-2021.
  30. ACM
    Agape A, Danceanu M, Hansen R and Schmid S P4Fuzz: Compiler Fuzzer for Dependable Programmable Dataplanes Proceedings of the 22nd International Conference on Distributed Computing and Networking, (16-25)
  31. ACM
    Wicker S (2020). The ethics of zero-day exploits---, Communications of the ACM, 64:1, (97-103), Online publication date: 1-Jan-2021.
  32. Amankwah R, Chen J, Kudjo P, Agyemang B and Amponsah A (2020). An automated framework for evaluating open-source web scanner vulnerability severity, Service Oriented Computing and Applications, 14:4, (297-307), Online publication date: 1-Dec-2020.
  33. Dalla Preda M, Giacobazzi R and Marastoni N Formal Framework for Reasoning About the Precision of Dynamic Analysis Static Analysis, (178-199)
  34. ACM
    Ghimis B, Paduraru M and Stefanescu A RIVER 2.0: an open-source testing framework using AI techniques Proceedings of the 1st ACM SIGSOFT International Workshop on Languages and Tools for Next-Generation Testing, (13-18)
  35. ACM
    Godefroid P, Huang B and Polishchuk M Intelligent REST API data fuzzing Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, (725-736)
  36. ACM
    Zhu H and Bayley I Exploratory Datamorphic Testing of Classification Applications Proceedings of the IEEE/ACM 1st International Conference on Automation of Software Test, (51-60)
  37. Lee S, Han H, Cha S and Son S Montage Proceedings of the 29th USENIX Conference on Security Symposium, (2613-2630)
  38. Yue T, Wang P, Tang Y, Wang E, Yu B, Lu K and Zhou X EcoFuzz Proceedings of the 29th USENIX Conference on Security Symposium, (2307-2324)
  39. Zong P, Lv T, Wang D, Deng Z, Liang R and Chen K FuzzGuard Proceedings of the 29th USENIX Conference on Security Symposium, (2255-2269)
  40. Wen H, Chen Q and Lin Z Plug-N-Pwned Proceedings of the 29th USENIX Conference on Security Symposium, (949-965)
  41. Scott J, Mora F and Ganesh V BanditFuzz: A Reinforcement-Learning Based Performance Fuzzer for SMT Solvers Software Verification, (68-86)
  42. ACM
    Li Y, Zou H and Liu H A High Efficient Technology for Parallel Fuzzing Proceedings of the 2020 4th High Performance Computing and Cluster Technologies Conference & 2020 3rd International Conference on Big Data and Artificial Intelligence, (29-33)
  43. ACM
    Peng C and Rajan A Automated test generation for OpenCL kernels using fuzzing and constraint solving Proceedings of the 13th Annual Workshop on General Purpose Processing using Graphics Processing Unit, (61-70)
  44. ACM
    Godefroid P (2020). Fuzzing, Communications of the ACM, 63:2, (70-76), Online publication date: 22-Jan-2020.
  45. Dai H, Li Y, Wang C, Singh R, Huang P and Kohli P Learning transferable graph exploration Proceedings of the 33rd International Conference on Neural Information Processing Systems, (2518-2529)
  46. ACM
    Tian C, Chen C, Duan Z and Zhao L (2019). Differential Testing of Certificate Validation in SSL/TLS Implementations, ACM Transactions on Software Engineering and Methodology, 28:4, (1-37), Online publication date: 31-Oct-2019.
  47. Kim J, Hubczenko D and Montague P Towards Attention Based Vulnerability Discovery Using Source Code Representation Artificial Neural Networks and Machine Learning – ICANN 2019: Text and Time Series, (731-746)
  48. Thönnessen D, Smallbone N, Fabian M, Claessen K and Kowalewski S Testing Safety PLCs Using QuickCheck 2019 IEEE 15th International Conference on Automation Science and Engineering (CASE), (1-6)
  49. ACM
    Fremont D, Dreossi T, Ghosh S, Yue X, Sangiovanni-Vincentelli A and Seshia S Scenic: a language for scenario specification and scene generation Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, (63-78)
  50. Atlidakis V, Godefroid P and Polishchuk M RESTler Proceedings of the 41st International Conference on Software Engineering, (748-758)
  51. Law M, Russo A, Bertino E, Broda K and Lobo J Representing and learning grammars in answer set programming Proceedings of the Thirty-Third AAAI Conference on Artificial Intelligence and Thirty-First Innovative Applications of Artificial Intelligence Conference and Ninth AAAI Symposium on Educational Advances in Artificial Intelligence, (2919-2928)
  52. ACM
    Dutta S, Legunsen O, Huang Z and Misailovic S Testing probabilistic programming systems Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, (574-586)
  53. ACM
    Grieco G and Dinaburg A Toward Smarter Vulnerability Discovery Using Machine Learning Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, (48-56)
  54. ACM
    Situ L, Wang L, Liu Y, Mao B and Li X Vanguard Proceedings of the 10th Asia-Pacific Symposium on Internetware, (1-10)
  55. Kim S and Shon T (2018). Field classification-based novel fuzzing case generation for ICS protocols, The Journal of Supercomputing, 74:9, (4434-4450), Online publication date: 1-Sep-2018.
  56. ACM
    Kargén U and Shahmehri N Speeding Up Bug Finding using Focused Fuzzing Proceedings of the 13th International Conference on Availability, Reliability and Security, (1-10)
  57. ACM
    Grieco G, Ceresa M and Buiras P (2016). QuickFuzz: an automatic random fuzzer for common file formats, ACM SIGPLAN Notices, 51:12, (13-20), Online publication date: 19-Jul-2018.
  58. Liang B, Li H, Su M, Bian P, Li X and Shi W Deep text classification can be fooled Proceedings of the 27th International Joint Conference on Artificial Intelligence, (4208-4215)
  59. ACM
    Li Y, Feng C and Tang C A Large-scale Parallel Fuzzing System Proceedings of the 2nd International Conference on Advances in Image Processing, (194-197)
  60. ACM
    Hutchison C, Zizyte M, Lanigan P, Guttendorf D, Wagner M, Goues C and Koopman P Robustness testing of autonomy software Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice, (276-285)
  61. ACM
    Chen C, Tian C, Duan Z and Zhao L RFC-directed differential testing of certificate validation in SSL/TLS implementations Proceedings of the 40th International Conference on Software Engineering, (859-870)
  62. ACM
    Han W, Liu X, Zhang H, Quan R and Shen L Dynamically-enabled Defense Effectiveness Evaluation of IoT Based on Vulnerability Analysis Proceedings of the 3rd International Conference on Multimedia Systems and Signal Processing, (99-103)
  63. ACM
    Ognawala S, Hutzelmann T, Psallida E and Pretschner A Improving function coverage with munch Proceedings of the 33rd Annual ACM Symposium on Applied Computing, (1475-1482)
  64. Jiang Z, Feng C and Tang C (2018). An Exploitability Analysis Technique for Binary Vulnerability Based on Automatic Exception Suppression, Security and Communication Networks, 2018, (6), Online publication date: 1-Jan-2018.
  65. ACM
    Sun H, Liu S, Xiao D and Xiao R Applying Binary Patch Comparison to Cisco IOS Proceedings of the 2017 VI International Conference on Network, Communication and Computing, (38-42)
  66. ACM
    Tacliad F, Nguyen T and Gondree M DoS Exploitation of Allen-Bradley's Legacy Protocol through Fuzz Testing Proceedings of the 3rd Annual Industrial Control System Security Workshop, (24-31)
  67. Grieco G, Ceresa M, Mista A and Buiras P (2017). QuickFuzz testing for fun and profit, Journal of Systems and Software, 134:C, (340-354), Online publication date: 1-Dec-2017.
  68. Wang S and Wu D In-memory fuzzing for binary code similarity analysis Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, (319-330)
  69. Godefroid P, Peleg H and Singh R Learn&Fuzz: machine learning for input fuzzing Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, (50-59)
  70. (2017). A secure-coding and vulnerability check system based on smart-fuzzing and exploit, Neurocomputing, 256:C, (23-34), Online publication date: 20-Sep-2017.
  71. ACM
    Bastani O, Sharma R, Aiken A and Liang P (2017). Synthesizing program input grammars, ACM SIGPLAN Notices, 52:6, (95-110), Online publication date: 14-Sep-2017.
  72. Badenhop C, Graham S, Ramsey B, Mullins B and Mailloux L (2017). The Z-Wave routing protocol and its security implications, Computers and Security, 68:C, (112-129), Online publication date: 1-Jul-2017.
  73. ACM
    Bastani O, Sharma R, Aiken A and Liang P Synthesizing program input grammars Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, (95-110)
  74. Ben Henda N, Johansson B, Lantz P, Norrman K, Saarinen P and Segersvärd O OpenSAW Proceedings of the 20th International Conference on Fundamental Approaches to Software Engineering - Volume 10202, (321-337)
  75. ACM
    Chandrasekar B, Ramesh B, Prabhu V, Sajeev S, Mohanty P and Shobha G Development of Intelligent Digital Certificate Fuzzer Tool Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, (126-130)
  76. Wang M, Wang H, Chen Y, Lei C and Maiorana E (2017). Automatic Test Pattern Generator for Fuzzing Based on Finite State Machine, Security and Communication Networks, 2017, Online publication date: 1-Jan-2017.
  77. ACM
    Feist J, Mounier L, Bardin S, David R and Potet M Finding the needle in the heap Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering, (1-12)
  78. Böttinger K (2016). Fuzzing binaries with Lévy flight swarms, EURASIP Journal on Information Security, 2016:1, (1-10), Online publication date: 1-Dec-2016.
  79. Munea T, Lim H and Shon T (2016). Network protocol fuzz testing for information systems and applications, Multimedia Tools and Applications, 75:22, (14745-14757), Online publication date: 1-Nov-2016.
  80. ACM
    Gao F, Chen T, Wang Y, Situ L, Wang L and Li X Carraybound Proceedings of the 8th Asia-Pacific Symposium on Internetware, (81-90)
  81. ACM
    Grieco G, Ceresa M and Buiras P QuickFuzz: an automatic random fuzzer for common file formats Proceedings of the 9th International Symposium on Haskell, (13-20)
  82. Hodován R and Kiss Á Fuzzing JavaScript Engine APIs Proceedings of the 12th International Conference on Integrated Formal Methods - Volume 9681, (425-438)
  83. ACM
    Robbins E, King A and Schrijvers T (2016). From MinX to MinC: semantics-driven decompilation of recursive datatypes, ACM SIGPLAN Notices, 51:1, (191-203), Online publication date: 8-Apr-2016.
  84. ACM
    Bertolino A, Daoudagh S, Lonetti F and Marchetti E Testing access control policies against intended access rights Proceedings of the 31st Annual ACM Symposium on Applied Computing, (1641-1647)
  85. ACM
    Grieco G, Grinblat G, Uzal L, Rawat S, Feist J and Mounier L Toward Large-Scale Vulnerability Discovery using Machine Learning Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, (85-96)
  86. ACM
    Robbins E, King A and Schrijvers T From MinX to MinC: semantics-driven decompilation of recursive datatypes Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, (191-203)
  87. Pietikäinen P, Kettunen A and Röning J (2016). Steps Towards Fuzz Testing in Agile Test Automation, International Journal of Secure Software Engineering, 7:1, (38-52), Online publication date: 1-Jan-2016.
  88. Ko R, Russello G, Nelson R, Pang S, Cheang A, Dobbie G, Sarrafzadeh A, Chaisiri S, Asghar M and Holmes G STRATUS Proceedings of the ICA3PP International Workshops and Symposiums on Algorithms and Architectures for Parallel Processing - Volume 9532, (57-70)
  89. ACM
    Kargén U and Shahmehri N Turning programs against each other: high coverage fuzz-testing using binary-code mutation and dynamic slicing Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, (782-792)
  90. ACM
    Sidiroglou-Douskos S, Lahtinen E, Long F and Rinard M (2015). Automatic error elimination by horizontal code transfer across multiple applications, ACM SIGPLAN Notices, 50:6, (43-54), Online publication date: 7-Aug-2015.
  91. ACM
    Sidiroglou-Douskos S, Lahtinen E, Long F and Rinard M Automatic error elimination by horizontal code transfer across multiple applications Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, (43-54)
  92. ACM
    Sidiroglou-Douskos S, Lahtinen E, Rittenhouse N, Piselli P, Long F, Kim D and Rinard M (2015). Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement, ACM SIGARCH Computer Architecture News, 43:1, (473-486), Online publication date: 29-May-2015.
  93. ACM
    Sidiroglou-Douskos S, Lahtinen E, Rittenhouse N, Piselli P, Long F, Kim D and Rinard M (2015). Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement, ACM SIGPLAN Notices, 50:4, (473-486), Online publication date: 12-May-2015.
  94. ACM
    Lee W, Srirangam Ramanujam M and Krishnan S On Designing an Efficient Distributed Black-Box Fuzzing System for Mobile Devices Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, (31-42)
  95. ACM
    Sidiroglou-Douskos S, Lahtinen E, Rittenhouse N, Piselli P, Long F, Kim D and Rinard M Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, (473-486)
  96. ACM
    Vidas T, Tan J, Nahata J, Tan C, Christin N and Tague P A5 Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, (39-50)
  97. ACM
    Suzaki K, Yagi T, Tanaka A, Oiwa Y and Shibayama E Rollback mechanism of nested virtual machines for protocol fuzz testing Proceedings of the 29th Annual ACM Symposium on Applied Computing, (1484-1491)
  98. ACM
    Yamaguchi F, Wressnegger C, Gascon H and Rieck K Chucky Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, (499-510)
  99. ACM
    Martignoni L, Paleari R, Reina A, Roglia G and Bruschi D (2013). A methodology for testing CPU emulators, ACM Transactions on Software Engineering and Methodology, 22:4, (1-26), Online publication date: 1-Oct-2013.
  100. ACM
    Tsankov P, Dashti M and Basin D Semi-valid input coverage for fuzz testing Proceedings of the 2013 International Symposium on Software Testing and Analysis, (56-66)
  101. de Oliveira D, Rakamarić Z, Gopalakrishnan G, Humphrey A, Meng Q and Berzins M Practical formal correctness checking of million-core problem solving environments for HPC Proceedings of the 5th International Workshop on Software Engineering for Computational Science and Engineering, (75-83)
  102. ACM
    Wen G, Zhang Y, Liu Q and Yang D Fuzzing the ActionScript virtual machine Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, (457-468)
  103. Sun X, Chen H, Zhao J and Huang M A test case generation technique for VMM fuzzing Proceedings of the 2013 international conference on Information and Communication Technology, (318-323)
  104. DeMott J, Enbody R and Punch W (2013). Systematic bug finding and fault localization enhanced with input data tracking, Computers and Security, 32:C, (130-157), Online publication date: 1-Feb-2013.
  105. ACM
    Yamaguchi F, Lottmann M and Rieck K Generalized vulnerability extrapolation using abstract syntax trees Proceedings of the 28th Annual Computer Security Applications Conference, (359-368)
  106. ACM
    Smith C and Francia G Security fuzzing toolset Proceedings of the 50th Annual Southeast Regional Conference, (329-330)
  107. ACM
    Mayo J and Armstrong R Tradeoffs in targeted fuzzing of cyber systems by defenders and attackers Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, (1-1)
  108. ACM
    Wang T, Wei T, Gu G and Zou W (2011). Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution, ACM Transactions on Information and System Security, 14:2, (1-28), Online publication date: 1-Sep-2011.
  109. Yamaguchi F, Lindner F and Rieck K Vulnerability extrapolation Proceedings of the 5th USENIX conference on Offensive technologies, (13-13)
  110. ACM
    Sim K, Kuo F and Merkel R Fuzzing the out-of-memory killer on embedded Linux Proceedings of the 2011 ACM Symposium on Applied Computing, (387-392)
  111. Kim H, Choi Y and Lee D (2011). Efficient file fuzz testing using automated analysis of binary file format, Journal of Systems Architecture: the EUROMICRO Journal, 57:3, (259-268), Online publication date: 1-Mar-2011.
  112. ACM
    Kanade A, Alur R, Rajamani S and Ramanlingam G Representation dependence testing using program inversion Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering, (277-286)
  113. ACM
    Arts T and Thompson S From test cases to FSMs Proceedings of the 9th ACM SIGPLAN workshop on Erlang, (1-12)
  114. ACM
    Martignoni L, Paleari R, Fresi Roglia G and Bruschi D Testing system virtual machines Proceedings of the 19th international symposium on Software testing and analysis, (171-182)
  115. Brummayer R, Lonsing F and Biere A Automated testing and debugging of SAT and QBF solvers Proceedings of the 13th international conference on Theory and Applications of Satisfiability Testing, (44-57)
  116. Dai H, Murphy C and Kaiser G (2010). CONFU, International Journal of Secure Software Engineering, 1:3, (41-55), Online publication date: 1-Jul-2010.
  117. ACM
    Brummayer R and Biere A Fuzzing and delta-debugging SMT solvers Proceedings of the 7th International Workshop on Satisfiability Modulo Theories, (1-5)
  118. ACM
    Martignoni L, Paleari R, Roglia G and Bruschi D Testing CPU emulators Proceedings of the eighteenth international symposium on Software testing and analysis, (261-272)
  119. ACM
    Garcia R Case study Proceedings of the Second International Workshop on Testing Database Systems, (1-6)
  120. Ganesh V, Leek T and Rinard M Taint-based directed whitebox fuzzing Proceedings of the 31st International Conference on Software Engineering, (474-484)
  121. ACM
    Godefroid P, Kiezun A and Levin M Grammar-based whitebox fuzzing Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, (206-215)
  122. ACM
    Godefroid P, Kiezun A and Levin M (2008). Grammar-based whitebox fuzzing, ACM SIGPLAN Notices, 43:6, (206-215), Online publication date: 30-May-2008.