Demystify the fuzzing methods: A comprehensive survey

S Mallissery, YS Wu - ACM Computing Surveys, 2023 - dl.acm.org
Massive software applications possess complex data structures or parse complex data
structures; in such cases, vulnerabilities in the software become inevitable. The …

SoK: The progress, challenges, and perspectives of directed greybox fuzzing

P Wang, X Zhou, K Lu, T Yue, Y Liu - arXiv preprint arXiv …, 2020 - szu-se.github.io
Greybox fuzzing has been the most scalable and practical approach to software testing.
Most greybox fuzzing tools are coverage guided as code coverage is strongly correlated …

ODDFuzz: Discovering Java deserialization vulnerabilities via structure-aware directed greybox fuzzing

S Cao, B He, X Sun, Y Ouyang, C Zhang… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Java deserialization vulnerability is a severe threat in practice. Researchers have proposed
static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate …

MC2: Rigorous and efficient directed greybox fuzzing

A Shah, D She, S Sadhu, K Singal, P Coffman… - Proceedings of the …, 2022 - dl.acm.org
Directed greybox fuzzing is a popular technique for targeted software testing that seeks to
find inputs that reach a set of target sites in a program. Most existing directed greybox …

SelectFuzz: Efficient directed fuzzing with selective path exploration

C Luo, W Meng, P Li - 2023 IEEE Symposium on Security and …, 2023 - ieeexplore.ieee.org
Directed grey-box fuzzers specialize in testing specific target code. They have been applied
to many security applications such as reproducing known crashes and detecting …

One fuzz doesn't fit all: Optimizing directed fuzzing via target-tailored program state restriction

P Srivastava, S Nagy, M Hicks, A Bianchi… - Proceedings of the 38th …, 2022 - dl.acm.org
Fuzzing is the de-facto default technique to discover software flaws, randomly testing
programs to discover crashing test cases. Yet, a particular scenario may only care about …

DAFL: Directed Grey-box Fuzzing guided by Data Dependency

TE Kim, J Choi, K Heo, SK Cha - 32nd USENIX Security Symposium …, 2023 - usenix.org
Despite growing research interest, existing directed grey-box fuzzers do not scale well with
program complexity. In this paper, we identify two major scalability challenges for current …

Automatically Inspecting Thousands of Static Bug Warnings with Large Language Model: How Far Are We?

C Wen, Y Cai, B Zhang, J Su, Z Xu, D Liu… - ACM Transactions on …, 2024 - dl.acm.org
Static analysis tools for capturing bugs and vulnerabilities in software programs are widely
employed in practice, as they have the unique advantages of high coverage and …

µFUZZ: Redesign of Parallel Fuzzing using Microservice Architecture

Y Chen, R Zhong, Y Yang, H Hu, D Wu… - 32nd USENIX Security …, 2023 - usenix.org
Fuzzing has been widely adopted as an effective testing technique for detecting software
bugs. Researchers have explored many parallel fuzzing approaches to speed up bug …

A cocktail approach to practical call graph construction

Y Cai, C Zhang - Proceedings of the ACM on Programming Languages, 2023 - dl.acm.org
After decades of research, constructing call graphs for modern C-based software remains
either imprecise or inefficient when scaling up to the ever-growing complexity. The main …