Fuzzing: a survey for roadmap
Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It
generates a large number of test cases and monitors the executions for defects. Fuzzing has …
AFL++: Combining incremental steps of fuzzing research
A Fioraldi, D Maier, H Eißfeldt, M Heuse - 14th USENIX Workshop on …, 2020 - usenix.org
In this paper, we present AFL++, a community-driven open-source tool that incorporates
state-of-the-art fuzzing research, to make the research comparable, reproducible …
Fuzzbench: an open fuzzer benchmarking platform and service
Fuzzing is a key tool used to reduce bugs in production software. At Google, fuzzing has
uncovered tens of thousands of bugs. Fuzzing is also a popular subject of academic …
Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses
Unlike traditional software, smart contracts have the unique organization in which a
sequence of transactions shares persistent states. Unfortunately, such a characteristic …
LibAFL: A framework to build modular and reusable fuzzers
The release of AFL marked an important milestone in the area of software security testing,
revitalizing fuzzing as a major research topic and spurring a large number of research …
On the reliability of coverage-based fuzzer benchmarking
Given a program where none of our fuzzers finds any bugs, how do we know which fuzzer is
better? In practice, we often look to code coverage as a proxy measure of fuzzer …
Seed selection for successful fuzzing
Mutation-based greybox fuzzing---unquestionably the most widely-used fuzzing technique---
relies on a set of non-crashing seed inputs (a corpus) to bootstrap the bug-finding process …
Effective seed scheduling for fuzzing with graph centrality analysis
Seed scheduling, the order in which seeds are selected, can greatly affect the performance
of a fuzzer. Existing approaches schedule seeds based on their historical mutation data, but …
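The two entries above (seed selection and seed scheduling) describe the same loop from two angles: a mutation-based greybox fuzzer starts from a non-crashing corpus, keeps every mutant that reaches new coverage as a new seed, and picks the next seed to mutate according to a schedule. The following is an added example, not code from any of the papers listed on this page; the target program, its bug, the byte dictionary, the mutators and the two schedules are all constructed here for illustration.

```python
# Added example, not code from any paper listed above: a toy mutation-based greybox fuzzer
# whose target, dictionary, mutators and seed schedule are all constructed for illustration.
import random
import sys
from dataclasses import dataclass

def target(data: bytes) -> None:
    """Constructed target: declared length checked against the input, not the 8-byte buffer."""
    if len(data) < 4:
        return
    if data[0] != 0xC0:        # magic split over two lines so line coverage sees each step
        return
    if data[1] != 0xDE:
        return
    n = data[2]                # declared payload length
    payload = data[3:]
    if n > len(payload):       # bounds check against the input only
        return
    buf = bytearray(8)         # fixed-size destination
    for i in range(n):
        buf[i] = payload[i]    # IndexError once n > 8: stand-in for the memory corruption

def run_with_coverage(data: bytes):
    """Run target under a line tracer; return (executed lines, exception or None)."""
    lines, code = set(), target.__code__
    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None        # trace only the target's own frame
        if event == "line":
            lines.add(frame.f_lineno)
        return tracer
    prev = sys.gettrace()
    sys.settrace(tracer)
    try:
        target(data)
        err = None
    except Exception as e:     # the crash oracle
        err = e
    finally:
        sys.settrace(prev)
    return frozenset(lines), err

# Constructed dictionary of boundary bytes and tokens (an AFL-style token dictionary would
# supply the magic bytes the same way; the fuzzer still has to find where they belong).
INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF, 0xC0, 0xDE]

def mutate(rng: random.Random, data: bytes) -> bytes:
    """Stack one to three byte-level mutations onto a seed."""
    b = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op, pos = rng.randrange(4), rng.randrange(max(len(b), 1))
        if op == 0 and b:
            b[pos] = rng.randrange(256)
        elif op == 1 and b:
            b[pos] = rng.choice(INTERESTING)
        elif op == 2:
            b.insert(pos, rng.choice(INTERESTING))
        elif op == 3 and len(b) > 1:
            del b[pos]
    return bytes(b)

@dataclass
class Seed:
    data: bytes
    cov: frozenset
    new_lines: int             # coverage this seed added when it joined the corpus
    fuzzed: int = 0            # how often it has been picked

def pick_seed(rng: random.Random, corpus: list, policy: str) -> Seed:
    """Schedule: round-robin, or energy for seeds that added most coverage and were fuzzed least."""
    if policy == "round_robin":
        return min(corpus, key=lambda s: s.fuzzed)
    weights = [(1 + s.new_lines) / (1 + s.fuzzed) for s in corpus]
    return rng.choices(corpus, weights=weights, k=1)[0]

def fuzz(seeds, max_execs=200_000, policy="favor_new", rng_seed=1) -> dict:
    """Coverage-guided loop: pick a seed, mutate, run, keep children that reach new lines."""
    rng, global_cov, corpus = random.Random(rng_seed), set(), []
    for s in seeds:
        cov, err = run_with_coverage(s)
        if err is not None:
            raise ValueError("seed corpus must be non-crashing")
        corpus.append(Seed(s, cov, len(cov - global_cov)))
        global_cov |= cov
    execs, child, err = len(seeds), None, None
    while execs < max_execs:
        seed = pick_seed(rng, corpus, policy)
        seed.fuzzed += 1
        child = mutate(rng, seed.data)
        cov, err = run_with_coverage(child)
        execs += 1
        if err is not None:    # first crash ends the campaign
            break
        if cov - global_cov:   # new coverage: the child becomes a seed
            corpus.append(Seed(child, cov, len(cov - global_cov)))
            global_cov |= cov
    return {"crash": child if err else None, "error": repr(err) if err else None,
            "execs": execs, "lines": len(global_cov), "corpus": len(corpus)}

if __name__ == "__main__":
    print(fuzz([b"x" * 24]), fuzz([b"\xc0\xde" + b"x" * 22], policy="round_robin"))
```

Running `fuzz([b"x" * 24])` against `fuzz([b"\xc0\xde" + b"x" * 22])` shows the seed-selection point: the second corpus already sits past the magic check, so the same fuzzer reaches the bug in far fewer executions. Running the same corpus under `policy="round_robin"` and `policy="favor_new"` over several `rng_seed` values shows the scheduling point: the corpus and mutators are identical, only the order of seed picks changes, and so does the execution count. Line coverage from `sys.settrace` stands in for the edge coverage a compiled fuzzer would collect with instrumentation.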
Nyx-Net: network fuzzing with incremental snapshots
Coverage-guided fuzz testing ("fuzzing") has become mainstream and we have observed
lots of progress in this research area recently. However, it is still challenging to efficiently test …
SoK: Prudent evaluation practices for fuzzing
Fuzzing has proven to be a highly effective approach to uncover software bugs over the past
decade. After AFL popularized the groundbreaking concept of lightweight coverage …