Fuzzing: a survey for roadmap

X Zhu, S Wen, S Camtepe, Y Xiang - ACM Computing Surveys (CSUR), 2022 - dl.acm.org
Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It
generates a large number of test cases and monitors the executions for defects. Fuzzing has …

Fuzzing vulnerability discovery techniques: Survey, challenges and future directions

C Beaman, M Redbourne, JD Mummery, S Hakak - Computers & Security, 2022 - Elsevier
Fuzzing is a powerful tool for vulnerability discovery in software, with much progress being
made in the field in recent years. There is limited literature available on the fuzzing …

Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks

Y Zhou, S Liu, J Siow, X Du… - Advances in neural …, 2019 - proceedings.neurips.cc
Vulnerability identification is crucial to protect the software systems from attacks for cyber
security. It is especially important to localize the vulnerable functions among the source code …

Evaluating fuzz testing

G Klees, A Ruef, B Cooper, S Wei, M Hicks - Proceedings of the 2018 …, 2018 - dl.acm.org
Fuzz testing has enjoyed great success at discovering security critical bugs in real software.
Recently, researchers have devoted significant effort to devising new fuzzing techniques …

The art, science, and engineering of fuzzing: A survey

VJM Manès, HS Han, C Han, SK Cha… - IEEE Transactions …, 2019 - ieeexplore.ieee.org
Among the many software testing techniques available today, fuzzing has remained highly
popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of …

Angora: Efficient fuzzing by principled search

P Chen, H Chen - 2018 IEEE Symposium on Security and …, 2018 - ieeexplore.ieee.org
Fuzzing is a popular technique for finding software bugs. However, the performance of the
state-of-the-art fuzzers leaves a lot to be desired. Fuzzers based on symbolic execution …

{QSYM}: A practical concolic execution engine tailored for hybrid fuzzing

I Yun, S Lee, M Xu, Y Jang, T Kim - 27th USENIX Security Symposium …, 2018 - usenix.org
Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and
concolic execution by combining both approaches. The hybrid approach has shown its …

Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage

C Lemieux, K Sen - Proceedings of the 33rd ACM/IEEE international …, 2018 - dl.acm.org
In recent years, fuzz testing has proven itself to be one of the most effective techniques for
finding correctness bugs and security vulnerabilities in practice. One particular fuzz testing …

[PDF][PDF] REDQUEEN: Fuzzing with Input-to-State Correspondence.

C Aschermann, S Schumilo, T Blazytko, R Gawlik… - NDSS, 2019 - nyx-fuzz.com
Automated software testing based on fuzzing has experienced a revival in recent years.
Especially feedback-driven fuzzing has become well-known for its ability to efficiently …

{MOPT}: Optimized mutation scheduling for fuzzers

C Lyu, S Ji, C Zhang, Y Li, WH Lee, Y Song… - 28th USENIX Security …, 2019 - usenix.org
Mutation-based fuzzing is one of the most popular vulnerability discovery solutions. Its
performance of generating interesting test cases highly depends on the mutation scheduling …