Fuzzing: a survey for roadmap
Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It
generates a large number of test cases and monitors the executions for defects. Fuzzing has …
generates a large number of test cases and monitors the executions for defects. Fuzzing has …
Sok: Prudent evaluation practices for fuzzing
Fuzzing has proven to be a highly effective approach to uncover software bugs over the past
decade. After AFL popularized the groundbreaking concept of lightweight coverage …
decade. After AFL popularized the groundbreaking concept of lightweight coverage …
{PolyFuzz}: Holistic Greybox Fuzzing of {Multi-Language} Systems
While offering many advantages during software process, the practice of using multiple
programming languages in constructing one software system also introduces additional …
programming languages in constructing one software system also introduces additional …
Detecting logical bugs of {DBMS} with coverage-based guidance
Database management systems (DBMSs) are critical components of modern data-intensive
applications. Developers have adopted many testing techniques to detect DBMS bugs such …
applications. Developers have adopted many testing techniques to detect DBMS bugs such …
{PolyCruise}: A {Cross-Language} dynamic information flow analysis
Despite the fact that most real-world software systems today are written in multiple
programming languages, existing program analysis based security techniques are still …
programming languages, existing program analysis based security techniques are still …
Drivefuzz: Discovering autonomous driving bugs through driving quality-guided fuzzing
Autonomous driving has become real; semi-autonomous driving vehicles in an affordable
price range are already on the streets, and major automotive vendors are actively …
price range are already on the streets, and major automotive vendors are actively …
[PDF][PDF] FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities.
JavaScript has become an essential part of the Internet infrastructure, and today's interactive
web applications would be inconceivable without this programming language. On the …
web applications would be inconceivable without this programming language. On the …
SecBench. js: An executable security benchmark suite for server-side JavaScript
MHM Bhuiyan, AS Parthasarathy… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
NPM is the largest software ecosystem in the world, offering millions of free, reusable
packages. In recent years, various security threats to packages published on npm have …
packages. In recent years, various security threats to packages published on npm have …
Arbiter: Bridging the static and dynamic divide in vulnerability discovery on binary programs
In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art
binary program analysis approaches are limited by inherent trade-offs between accuracy …
binary program analysis approaches are limited by inherent trade-offs between accuracy …
DeepVulSeeker: A novel vulnerability identification framework via code graph structure and pre-training mechanism
J Wang, H Xiao, S Zhong, Y Xiao - Future Generation Computer Systems, 2023 - Elsevier
Software vulnerabilities can pose severe harms to a computing system. They can lead to
system crash, privacy leakage, or even physical damage. Correctly identifying vulnerabilities …
system crash, privacy leakage, or even physical damage. Correctly identifying vulnerabilities …