Evaluating fuzz testing

G Klees, A Ruef, B Cooper, S Wei, M Hicks - Proceedings of the 2018 …, 2018 - dl.acm.org
Fuzz testing has enjoyed great success at discovering security critical bugs in real software.
Recently, researchers have devoted significant effort to devising new fuzzing techniques …

Fuzzing the internet of things: A review on the techniques and challenges for efficient vulnerability discovery in embedded systems

M Eceiza, JL Flores, M Iturbe - IEEE Internet of Things Journal, 2021 - ieeexplore.ieee.org
With a growing number of embedded devices that create, transform, and send data
autonomously at its core, the Internet of Things (IoT) is a reality in different sectors, such as …

Ethploit: From fuzzing to efficient exploit generation against smart contracts

Q Zhang, Y Wang, J Li, S Ma - 2020 IEEE 27th International …, 2020 - ieeexplore.ieee.org
Smart contracts, programs running on blockchain systems, leverage diverse decentralized
applications (DApps). Unfortunately, well-known smart contract platforms, Ethereum for …

ICSFuzz: Manipulating I/Os and repurposing binary code to enable instrumented fuzzing in ICS control applications

D Tychalas, H Benkraouda, M Maniatakos - 30th USENIX Security …, 2021 - usenix.org
Industrial Control Systems (ICS) have seen a rapid proliferation in the last decade amplified
by the advent of the 4th Industrial Revolution. At the same time, several notable …

Westworld: Fuzzing-assisted remote dynamic symbolic execution of smart apps on iot cloud platforms

L Luo, Q Zeng, B Yang, F Zuo, J Wang - Proceedings of the 37th Annual …, 2021 - dl.acm.org
Existing symbolic execution typically assumes the analyzer can control the I/O environment
and/or access the library code, which, however, is not the case when programs run on a …

Deferred concretization in symbolic execution via fuzzing

A Pandey, PRG Kotcharlakota, S Roy - Proceedings of the 28th ACM …, 2019 - dl.acm.org
Concretization is an effective weapon in the armory of symbolic execution engines.
However, concretization can lead to loss in coverage, path divergence, and generation of …

Exploratory review of hybrid fuzzing for automated vulnerability detection

F Rustamov, J Kim, J Yu, J Yun - IEEE Access, 2021 - ieeexplore.ieee.org
Recently, software testing has become a significant component of information security. The
most reliable technique for automated software testing is a fuzzing tool that feeds programs …

CatchFuzz: Reliable active anti-fuzzing techniques against coverage-guided fuzzer

HY Kim, DH Lee - Computers & Security, 2024 - Elsevier
Fuzzing techniques that can automatically detect software vulnerabilities are used widely
today. However, attackers also abuse these fuzzing techniques to find software …

SandPuppy: Deep-State Fuzzing Guided by Automatic Detection of State-Representative Variables

V Paliath, E Trickel, T Bao, R Wang, A Doupé… - … on Detection of …, 2024 - Springer
Current state-of-the-art automated fuzzing approaches cannot explore deep program-states
without human assistance. Recently, Ijon allowed humans to provide code-annotations on …

Symbolic Execution with Test Cases Generated by Large Language Models

J Xu, J Xu, T Chen, X Ma - 2024 IEEE 24th International …, 2024 - ieeexplore.ieee.org
Symbolic execution is a powerful program analysis technique. External environment
construction and internal path explosion are two long-standing problems which may affect …