seen from United States
seen from United States
seen from India
seen from Malaysia
seen from Italy
seen from United States
seen from Netherlands
seen from South Korea
seen from United Kingdom
seen from China
seen from Germany
seen from Italy
seen from United States
seen from China
seen from India
seen from Kazakhstan
seen from Malaysia
seen from United States
seen from Malaysia
seen from United Kingdom
Assertion: literally everything that could be usefully tested can, in principle, have its tests usefully randomized in a fuzzing/"property-based" way.
Challenge: come up with a counter-example for which I can't think of a useful randomization.
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
sandsifter - The x86 processor fuzzer
Take a look at this repository, if you’re interested in hacking x86 processors. Also, if you don’t want to sleep at all, read this and that papers.
Offensive Computer Security 2014 - Lecture 10 (Part 1 Advanced Fuzzing Topics)
Lecture finishing covering advanced fuzzing topics. Lecture offers discussion of taint analysis, dynamic taint analysis, symbolic … source
AI-based fuzzing targets open-source LLM vulnerabilities
Automated AI fuzzing is uncovering vulnerabilities in open-source LLMs. Google's new technique has already identified 26 new vulnerabilities, including a critical OpenSSL flaw. https://jpmellojr.blogspot.com/2024/12/ai-based-fuzzing-targets-open-source.html #AI #Fuzzing #Google #OpenSource
Fuzz Testing Overview Fuzz testing , often called fuzzing, is a software testing technique used to identify vulnerabilities and flaws in c
Fuzz testing, often called fuzzing, is a software testing technique used to identify vulnerabilities and flaws in computer programs, specifically in software applications, operating systems, and network protocols. The technique involves sending intentionally malformed or random data inputs to a target program to observe its response
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
Fuzzing is Cool, Actually
TL;DR: Fuzz testing is really cool.
I've been interested in test automation for a long time, and one area in particular that I've been interested to learn about is fuzz testing. I'm now able to finally dig into this area of software engineering.
Fuzzing has been around for a while now, starting on a dark and stormy night in Wisconsin. Fuzzing is a technique for sending semi-random and possibly semi-invalid inputs to a piece of software (a function, a program, etc) to find bugs with this software. Over time, fuzzing - also known as fuzz testing - has been used to find security vulnerabilities in software in addition to purely functional software bugs. Fuzzing has also evolved from generating totally random data to becoming more intelligent about data generation and inputs. Fuzzing falls into the category of easy problems with difficult solutions that I enjoy.
One thing I find fascinating about fuzzing is that it is a classic case of test automation: after deciding what to fuzz, a developer can use a fuzzer to create test inputs and then execute tests using those inputs automatically. Effectively, automation is being used to do lots of work that a human would find tedious or even impossible to complete. Absolutely classic in the sense of using automation in testing and software quality assurance.
Another thing I find fascinating is how effective fuzz testing can be. Fuzzing is an exploratory technique since the developer using a fuzzer can control how many iterations of inputs are being sent to the software under test. In practice, this means a single fuzzer execution can take minutes, hours or even days depending on how many iterations the developer wishes to execute. In practice, however, many bugs can be detected within a minute. Such bugs may include overflow errors (heap, stack and so on), out-of-memory errors and null pointer exceptions. All of these kinds of bugs are simple to fix but can be surprisingly difficult to find manually even when using debuggers.
Lastly, and I cannot stress this enough: fuzzing is a well-established technique and subfield of computer science in its own right. The earliest fuzzers were literal homework assignments, but over the past few decades fuzzing has become quite sophisticated. There are techniques that can "guide" fuzzing inputs to find more "interesting" results (see feedback-based fuzzing), approaches to leverage multiple fuzzers at once (see ensemble fuzzing) and efforts to fuzz open source software effectively at scale. As well, specialized fuzzers have been created for fuzzing code in particular languages (C and C++ are the most common), fuzzing browsers, fuzzing web APIs are more.
Classic, effective, well-established: all things that sound good to me.
vaf is a cross-platform web fuzzer with a lot of features. Some of its features include:
