Fuzz testing is an automated technique that feeds random data to a software system in the hope of exposing a vulnerability. To be effective, the fuzzed input must be common enough to pass elementary consistency checks; a JavaScript interpreter, for instance, rejects anything that does not even parse as a valid program. On the other hand, the fuzzed input must be uncommon enough to trigger exceptional behavior, such as a crash of the interpreter. The LangFuzz approach resolves this conflict by using a grammar to randomly generate valid programs; the code fragments it inserts, however, partially stem from programs known to have caused invalid behavior before. LangFuzz is an effective tool for security testing: applied to the Mozilla JavaScript interpreter, it discovered a total of 105 new severe vulnerabilities within three months of operation (and thus became one of the top security bug bounty collectors within this period); applied to the PHP interpreter, it discovered 18 new defects causing crashes.
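The following is an added illustration of the generate-then-splice idea described in the abstract; it is not the LangFuzz tool's own code. It assumes a toy JavaScript-like grammar (statements, calls, arithmetic, nested `if`), two constructed "known crashing" inputs standing in for real crash test cases, and a small recursive-descent parser that plays the role of the interpreter's front end. The fragment pool is learned by parsing the crash cases into derivation trees and indexing every subtree by its nonterminal; the fuzzer generates a fresh program from the grammar and then replaces randomly chosen nodes with pool fragments of the same nonterminal, which is what keeps the output syntactically valid. `is_valid` is the "elementary consistency check" the interpreter would apply, and `fuzz_program` is seeded so a run can be reproduced.

```python
import random
import re

GRAMMAR = {  # toy JavaScript-like subset: an assumption of this example, not LangFuzz's ANTLR grammar
    "program": [["stmt", ";"], ["stmt", ";", "program"]],
    "stmt": [["var", "ident", "=", "expr"], ["ident", "=", "expr"], ["if", "(", "expr", ")", "{", "stmt", "}"]],
    "expr": [["number"], ["ident"], ["expr", "op", "expr"], ["(", "expr", ")"], ["ident", "(", "expr", ")"]],
    "ident": [["x"], ["y"], ["f"]], "number": [["0"], ["1"], ["42"]], "op": [["+"], ["-"], ["*"], ["/"]],
}
TOKEN_RE = re.compile(r"\d+|[A-Za-z_]\w*|[-+*/=(){};]")

class Parser:
    def __init__(self, src):
        self.toks, self.pos = TOKEN_RE.findall(src), 0
    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None
    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected!r}, got {tok!r} at token {self.pos}")
        self.pos += 1
        return tok
    def program(self):
        stmt, semi = self.stmt(), self.take(";")
        return ("program", [stmt, semi] + ([] if self.peek() is None else [self.program()]))
    def stmt(self):
        if self.peek() == "var":
            return ("stmt", [self.take(), self.ident(), self.take("="), self.expr()])
        if self.peek() == "if":
            return ("stmt", [self.take(), self.take("("), self.expr(), self.take(")"), self.take("{"), self.stmt(), self.take("}")])
        return ("stmt", [self.ident(), self.take("="), self.expr()])
    def ident(self):
        tok = self.take()
        if tok in ("var", "if") or not tok.isidentifier():
            raise SyntaxError(f"bad identifier {tok!r}")
        return ("ident", [tok])
    def expr(self):
        left = self.primary()
        while self.peek() in ("+", "-", "*", "/"):  # left-associative, no precedence
            left = ("expr", [left, ("op", [self.take()]), self.primary()])
        return left
    def primary(self):
        if self.peek() == "(":
            return ("expr", [self.take(), self.expr(), self.take(")")])
        if (self.peek() or "").isdigit():
            return ("expr", [("number", [self.take()])])
        name = self.ident()
        if self.peek() == "(":
            return ("expr", [name, self.take(), self.expr(), self.take(")")])
        return ("expr", [name])

def unparse(tree):  # tree = (nonterminal, [children]); each child is a token string or a subtree
    return " ".join(unparse(c) if isinstance(c, tuple) else c for c in tree[1])

def is_valid(src):  # the elementary consistency check a real interpreter's parser imposes
    try:
        Parser(src).program()
        return True
    except SyntaxError:
        return False

def subtrees(tree, path=()):  # yields (path, node) for every nonterminal node, root included
    yield path, tree
    for i, child in enumerate(tree[1]):
        if isinstance(child, tuple):
            yield from subtrees(child, path + (i,))

def build_pool(crash_cases):  # learn fragments: every subtree of every prior crash case, keyed by nonterminal
    pool = {}
    for src in crash_cases:
        for _, node in subtrees(Parser(src).program()):
            pool.setdefault(node[0], []).append(node)
    return pool

def generate(nt, rng, depth=4):  # random derivation; past the depth budget, take the production with fewest nonterminals
    prods = GRAMMAR[nt]
    if depth <= 0:
        prods = [min(prods, key=lambda p: sum(s in GRAMMAR for s in p))]
    return (nt, [generate(s, rng, depth - 1) if s in GRAMMAR else s for s in rng.choice(prods)])

def replace_at(tree, path, new):
    if not path:
        return new
    kids = list(tree[1])
    kids[path[0]] = replace_at(kids[path[0]], path[1:], new)
    return (tree[0], kids)

def fuzz_program(crash_cases, seed, splices=2):
    """Generate a valid skeleton from the grammar, then splice in learned fragments of matching type."""
    rng, pool = random.Random(seed), build_pool(crash_cases)
    tree = generate("program", rng)
    for _ in range(splices):
        cands = [(p, n) for p, n in subtrees(tree) if p and n[0] in pool]  # non-root nodes only
        path, node = rng.choice(cands)
        tree = replace_at(tree, path, rng.choice(pool[node[0]]))
    return unparse(tree)

# Constructed sample inputs (assumption): stand-ins for test cases that crashed an earlier build.
CRASH_CASES = ["var x = 42 / 0 ; if ( x ) { y = x ( x + x ) } ;", "var f = ( 1 - 1 ) * 42 ; x = f ( f ( 0 ) ) ;"]
```

Calling `fuzz_program(CRASH_CASES, seed)` for a range of seeds yields programs that all pass `is_valid`, because every splice swaps a node for a fragment of the same nonterminal. The type-preserving replacement is the whole point: a byte-level mutator would produce mostly unparseable garbage, while pure grammar generation never reuses the expression shapes that crashed before. In the real tool the grammar is the target language's grammar and the fragment pool is extracted from the interpreter's existing test suite and prior crash inputs; the toy parser here only stands in for that front end.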