English
Related papers

Related papers: STADS: Software Testing as Species Discovery

200 papers

Fuzzing is a security testing methodology effective in finding bugs. In a nutshell, a fuzzer sends multiple slightly malformed messages to the software under test, hoping for crashes or weird system behaviour. The methodology is relatively…

Cryptography and Security · Computer Science 2023-01-09 Cristian Daniele , Seyed Behnam Andarzian , Erik Poll

Database Management System (DBMS) fuzzing is an automated testing technique aimed at detecting errors and vulnerabilities in DBMSs by generating, mutating, and executing test cases. It not only reduces the time and cost of manual testing…

Databases · Computer Science 2023-11-14 Xiyue Gao , Zhuang Liu , Jiangtao Cui , Hui Li , Hui Zhang , Kewei Wei , Kankan Zhao

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll

How to search for bugs in 1,000 programs using a pre-existing fuzzer and a standard PC? We consider this problem and show that a well-designed strategy that determines which programs to fuzz and for how long can greatly impact the number of…

Cryptography and Security · Computer Science 2025-01-28 Ivica Nikolic , Racchit Jain

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering…

Cryptography and Security · Computer Science 2019-04-09 Valentin J. M. Manes , HyungSeok Han , Choongwoo Han , Sang Kil Cha , Manuel Egele , Edward J. Schwartz , Maverick Woo

Software is a great enabler for a number of projects that otherwise would be impossible to perform. Such projects include Space Exploration, Weather Modeling, Genome Projects, and many others. It is critical that software aiding these…

Software Engineering · Computer Science 2023-02-10 Aedin Pereira , Julia Ding , Zaina Ali , Rodion Podorozhny

Fuzz testing (fuzzing) is a well-known method for exposing bugs/vulnerabilities in software systems. Popular fuzzers, such as AFL, use a biased random search over the domain of program inputs, where 100s or 1000s of inputs (test cases) are…

Software Engineering · Computer Science 2023-08-02 Yuntong Zhang , Ridwan Shariffdeen , Gregory J. Duck , Jiaqi Tan , Abhik Roychoudhury

Smart contracts are susceptible to critical vulnerabilities. Hybrid dynamic analyses, such as concolic execution assisted fuzzing and foundation model assisted fuzzing, have emerged as highly effective testing techniques for smart contract…

Software Engineering · Computer Science 2024-09-10 Sally Junsong Wang , Jianan Yao , Kexin Pei , Hidedaki Takahashi , Junfeng Yang

Fuzzing -- whether generating or mutating inputs -- has found many bugs and security vulnerabilities in a wide range of domains. Stateful and highly structured web APIs present significant challenges to traditional fuzzing techniques, as…

Cryptography and Security · Computer Science 2021-12-21 Zac Hatfield-Dodds , Dmitry Dygalo

Field failures, that is, failures caused by faults that escape the testing phase leading to failures in the field, are unavoidable. Improving verification and validation activities before deployment can identify and timely remove many but…

Software Engineering · Computer Science 2017-09-01 Luca Gazzola , Leonardo Mariani , Fabrizio Pastore , Mauro Pezz`e

The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their…

Cryptography and Security · Computer Science 2020-01-16 Yuqi Chen , Christopher M. Poskitt , Jun Sun , Sridhar Adepu , Fan Zhang

Fuzzing has gained in popularity for software vulnerability detection by virtue of the tremendous effort to develop a diverse set of fuzzers. Thanks to various fuzzing techniques, most of the fuzzers have been able to demonstrate great…

Cryptography and Security · Computer Science 2023-02-28 Yu-Fu Fu , Jaehyuk Lee , Taesoo Kim

Fuzzing is a popular vulnerability automated testing method utilized by professionals and broader community alike. However, despite its abilities, fuzzing is a time-consuming, computationally expensive process. This is problematic for the…

Software Engineering · Computer Science 2023-07-25 Michael Wang , Michael Robinson

Background: Fuzzers are often guided by coverage, making the estimation of maximum achievable coverage a key concern in fuzzing. However, achieving 100% coverage is infeasible for most real-world software systems, regardless of effort.…

Software Engineering · Computer Science 2025-07-24 Danushka Liyanage , Nelum Attanayake , Zijian Luo , Rahul Gopinath

Fuzzing is a powerful software testing technique renowned for its effectiveness in identifying software vulnerabilities. Traditional fuzzing evaluations typically focus on overall fuzzer performance across a set of target programs, yet few…

Software Engineering · Computer Science 2025-06-19 Miao Miao

The importance of addressing security vulnerabilities is indisputable, with software becoming crucial in sectors such as national defense and finance. Consequently, The security issues caused by software vulnerabilities cannot be ignored.…

Cryptography and Security · Computer Science 2024-01-31 Liqun Yang , Chunan Li , Yongxin Qiu , Chaoren Wei , Jian Yang , Hongcheng Guo , Jinxin Ma , Zhoujun Li

Fuzzing has emerged as a powerful technique for finding security bugs in complicated real-world applications. American fuzzy lop (AFL), a leading fuzzing tool, has demonstrated its powerful bug finding ability through a vast number of…

Cryptography and Security · Computer Science 2023-07-06 Tai D. Nguyen , Long H. Pham , Jun Sun

Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of…

Cryptography and Security · Computer Science 2017-06-02 Bhargava Shastry , Federico Maggi , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Software vulnerabilities are commonly exploited as attack vectors in cyberattacks. Hence, it is crucial to identify vulnerable software configurations early to apply preventive measures. Effective vulnerability detection relies on…

Cryptography and Security · Computer Science 2024-12-24 Devesh Sawant , Manjesh K. Hanawal , Atul Kabra

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test.…

Software Engineering · Computer Science 2026-02-24 Harrison Green , Fraser Brown , Claire Le Goues