Nsfuzz: Towards efficient and state-aware network service fuzzing

S Qin, F Hu, Z Ma, B Zhao, T Yin, C Zhang - ACM Transactions on …, 2023 - dl.acm.org
As an essential component responsible for communication, network services are security
critical; thus, it is vital to find their vulnerabilities. Fuzzing is currently one of the most popular …

Demystify the fuzzing methods: A comprehensive survey

S Mallissery, YS Wu - ACM Computing Surveys, 2023 - dl.acm.org
Massive software applications possess complex data structures or parse complex data
structures; in such cases, vulnerabilities in the software become inevitable. The …

StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing

B Zhao, Z Li, S Qin, Z Ma, M Yuan, W Zhu… - 31st USENIX Security …, 2022 - usenix.org
Coverage-guided fuzzing has achieved great success in finding software vulnerabilities.
Existing coverage-guided fuzzers generally favor test cases that hit new code, and discard …

Exploring effective fuzzing strategies to analyze communication protocols

Y Chen, T Lan, G Venkataramani - … of the 3rd ACM Workshop on …, 2019 - dl.acm.org
In recent years, coverage-based greybox fuzzing has become popular for vulnerability
detection due to its simplicity and efficiency. However, it is less powerful when applied …

StateAFL: Greybox fuzzing for stateful network servers

R Natella - Empirical Software Engineering, 2022 - Springer
Fuzzing network servers is a technical challenge, since the behavior of the target server
depends on its state over a sequence of multiple messages. Existing solutions are costly …

Static program analysis as a fuzzing aid

B Shastry, M Leutner, T Fiebig, K Thimmaraju… - Research in Attacks …, 2017 - Springer
Fuzz testing is an effective and scalable technique to perform software security
assessments. Yet, contemporary fuzzers fall short of thoroughly testing applications with a …

SPFuzz: a hierarchical scheduling framework for stateful network protocol fuzzing

C Song, B Yu, X Zhou, Q Yang - IEEE Access, 2019 - ieeexplore.ieee.org
In recent years, fuzzing technology has been widely used to detect software vulnerabilities
owing to the coverage improvement in the target program and its ease of use. However …

The art, science, and engineering of fuzzing: A survey

VJM Manes, HS Han, C Han, SK Cha, M Egele… - arXiv preprint arXiv …, 2018 - arxiv.org
Among the many software vulnerability discovery techniques available today, fuzzing has
remained highly popular due to its conceptual simplicity, its low barrier to deployment, and …

Typestate-guided fuzzer for discovering use-after-free vulnerabilities

H Wang, X Xie, Y Li, C Wen, Y Li, Y Liu, S Qin… - Proceedings of the …, 2020 - dl.acm.org
Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge
coverage to guide the fuzzing process, which has shown great potential in finding …

Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation

Y Zheng, Y Li, C Zhang, H Zhu, Y Liu… - Proceedings of the 31st …, 2022 - dl.acm.org
Greybox fuzzing has become one of the most effective vulnerability discovery techniques.
However, greybox fuzzing techniques cannot be directly applied to applications in IoT …