Fuzzing the internet of things: A review on the techniques and challenges for efficient vulnerability discovery in embedded systems

M Eceiza, JL Flores, M Iturbe - IEEE Internet of Things Journal, 2021 - ieeexplore.ieee.org
With a growing number of embedded devices that create, transform, and send data
autonomously at its core, the Internet of Things (IoT) is a reality in different sectors, such as …

Smart greybox fuzzing

VT Pham, M Böhme, AE Santosa… - IEEE Transactions …, 2019 - ieeexplore.ieee.org
Coverage-based greybox fuzzing (CGF) is one of the most successful approaches for
automated vulnerability detection. Given a seed file (as a sequence of bits), a CGF randomly …

Memlock: Memory usage guided fuzzing

C Wen, H Wang, Y Li, S Qin, Y Liu, Z Xu… - Proceedings of the …, 2020 - dl.acm.org
Uncontrolled memory consumption is a critical kind of software security weakness. It can
also become a security-critical vulnerability when attackers can take control of the input to …

Toss a fault to your witcher: Applying grey-box coverage-guided mutational fuzzing to detect SQL and command injection vulnerabilities

E Trickel, F Pagani, C Zhu, L Dresel… - … IEEE symposium on …, 2023 - ieeexplore.ieee.org
Black-box web application vulnerability scanners attempt to automatically identify
vulnerabilities in web applications without access to the source code. However, they do so …

MUZZ: Thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs

H Chen, S Guo, Y Xue, Y Sui, C Zhang, Y Li… - 29th USENIX Security …, 2020 - usenix.org
Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing
to its lightweight instrumentation, fast coverage feedback, and dynamic adjusting strategies …

Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization.

Y Wang, X Jia, Y Liu, K Zeng, T Bao, D Wu, P Su - NDSS, 2020 - wcventure.github.io
Coverage-based fuzzing has been actively studied and widely adopted for finding
vulnerabilities in real-world software applications. With coverage information, such as …
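The two entries above (Smart greybox fuzzing, and coverage accounting for input prioritization) both build on the coverage-guided greybox loop: run a seed, record which branches it reached, keep any mutant that reaches something new, and pick the next parent from the queue. The following is an added illustration written for this page, not code from any of the listed papers. The target `parse_record`, its planted length bug, the branch ids it records, and the constructed seed `b"AAAA"` are all assumptions made for the example; real fuzzers obtain edge coverage from compiler instrumentation rather than from a set the target fills in by hand.

```python
"""Minimal coverage-guided greybox fuzzing loop (illustrative, constructed for this page)."""
import random
from typing import Callable, Dict, List, Set, Tuple

Coverage = Set[str]


class PayloadTooShort(Exception):
    """Raised by the constructed target when the declared length exceeds the payload."""


def parse_record(data: bytes, cov: Coverage) -> int:
    """Constructed toy parser. Each branch records an id so the fuzzer gets feedback.
    Format (assumed): b'F', b'Z', version byte 0x01, length byte, then payload."""
    cov.add("entry")
    if len(data) < 4:
        cov.add("too_short")
        return 0
    if data[0] != ord("F"):
        cov.add("bad_magic0")
        return 0
    cov.add("magic0")
    if data[1] != ord("Z"):
        cov.add("bad_magic1")
        return 0
    cov.add("magic1")
    if data[2] != 1:
        cov.add("bad_version")
        return 0
    cov.add("version1")
    length = data[3]
    payload = data[4:4 + length]
    if len(payload) != length:
        cov.add("length_mismatch")
        # Planted bug: the declared length is trusted without checking the payload size.
        raise PayloadTooShort(f"declared {length} bytes, got {len(payload)}")
    cov.add("ok")
    return length


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random byte-level mutation: overwrite, bit flip, insert or delete."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 2 and len(buf) < 64:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def run(target: Callable[[bytes, Coverage], int], data: bytes) -> Tuple[Coverage, bool]:
    """Execute the target once; return the branches it hit and whether it crashed."""
    cov: Coverage = set()
    try:
        target(data, cov)
        return cov, False
    except Exception:
        return cov, True


def fuzz(target, seeds: List[bytes], iterations: int, rng: random.Random) -> Dict:
    """Coverage-guided loop: keep mutants that reach new branches, favour deep inputs."""
    global_cov: Coverage = set()
    queue: List[Tuple[bytes, Coverage]] = []
    crashes: List[bytes] = []
    for seed in seeds:
        cov, crashed = run(target, seed)
        global_cov |= cov
        queue.append((seed, cov))
    for _ in range(iterations):
        # Input prioritization: most of the time mutate the entry with the most coverage,
        # otherwise pick uniformly so shallow entries are not starved.
        if rng.random() < 0.75:
            parent = max(queue, key=lambda e: len(e[1]))[0]
        else:
            parent = rng.choice(queue)[0]
        child = mutate(parent, rng)
        cov, crashed = run(target, child)
        if crashed:
            crashes.append(child)
        if cov - global_cov:          # new branch reached: keep this input as a seed
            global_cov |= cov
            queue.append((child, cov))
    return {"coverage": global_cov, "queue_size": len(queue), "crashes": crashes}


def demo() -> Dict:
    """Deterministic run from the constructed seed b'AAAA'."""
    return fuzz(parse_record, [b"AAAA"], 100000, random.Random(7))


if __name__ == "__main__":
    result = demo()
    print("branches:", sorted(result["coverage"]))
    print("crashes:", result["crashes"][:3])
```

Because each magic byte is checked in its own branch, the loop climbs one byte at a time; a target that compared `data[:2] == b"FZ"` in a single branch would give no partial feedback, which is the kind of roadblock structure-aware and coverage-accounting approaches address. Swapping the coverage set for a peak-memory measurement turns the same loop into the memory-usage-guided variant that the Memlock entry above describes.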

Understanding the effectiveness of large language models in detecting security vulnerabilities

A Khare, S Dutta, Z Li, A Solko-Breslin, R Alur… - arXiv preprint arXiv …, 2023 - arxiv.org
Security vulnerabilities in modern software are prevalent and harmful. While automated
vulnerability detection tools have made promising progress, their scalability and applicability …

PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems

W Li, J Ruan, G Yi, L Cheng, X Luo, H Cai - 32nd USENIX Security …, 2023 - usenix.org
While offering many advantages during the software process, the practice of using multiple
programming languages in constructing one software system also introduces additional …

MTFuzz: fuzzing with a multi-task neural network

D She, R Krishna, L Yan, S Jana, B Ray - … of the 28th ACM joint meeting …, 2020 - dl.acm.org
Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most
popular fuzzers generate new inputs using an evolutionary search to maximize code …

Grey-box concolic testing on binary code

J Choi, J Jang, C Han, SK Cha - 2019 IEEE/ACM 41st …, 2019 - ieeexplore.ieee.org
We present grey-box concolic testing, a novel path-based test case generation method that
combines the best of both white-box and grey-box fuzzing. At a high level, our technique …