English
Related papers

Related papers: BackREST: A Model-Based Feedback-Driven Greybox Fu…

200 papers

Software's pervasive impact and increasing reliance in the era of digital transformation raise concerns about vulnerabilities, emphasizing the need for software security. Fuzzy testing is a dynamic analysis software testing technique that…

Software Engineering · Computer Science 2024-07-22 Tiago Dias , Eva Maia , Isabel Praça

Grey-box fuzzers such as American Fuzzy Lop (AFL) are popular tools for finding bugs and potential vulnerabilities in programs. While these fuzzers have been able to find vulnerabilities in many widely used programs, they are not efficient;…

Artificial Intelligence · Computer Science 2018-11-26 Siddharth Karamcheti , Gideon Mann , David Rosenberg

Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk…

Software Engineering · Computer Science 2026-03-26 Thomas Rooijakkers , Anne Nijsten , Cristian Daniele , Erieke Weitenberg , Ringo Groenewegen , Arthur Melissen

In RESTful APIs, interactions with a database are a common and crucial aspect. When generating whitebox tests, it is essential to consider the database's state (i.e., the data contained in the database) to achieve higher code coverage and…

Software Engineering · Computer Science 2025-07-29 Hernan Ghianni , Man Zhang , Juan P. Galeotti , Andrea Arcuri

A code-level backdoor is a hidden access, programmed and concealed within the code of a program. For instance, hard-coded credentials planted in the code of a file server application would enable maliciously logging into all deployed…

Cryptography and Security · Computer Science 2025-05-14 Dimitri Kokkonis , Michaël Marcozzi , Emilien Decoux , Stefano Zacchiroli

Fuzzing -- testing programs with random inputs -- has become the prime technique to detect bugs and vulnerabilities in programs. To generate inputs that cover new functionality, fuzzers require execution feedback from the program -- for…

Software Engineering · Computer Science 2020-12-29 Rahul Gopinath , Bachir Bendrissou , Björn Mathis , Andreas Zeller

Representational state transfer (REST) is a widely employed architecture by web applications and cloud. Users can invoke such services according to the specification of their application interfaces, namely RESTful APIs. Existing approaches…

Software Engineering · Computer Science 2022-03-08 Jiaxian Lin , Tianyu Li , Yang Chen , Guangsheng Wei , Jiadong Lin , Sen Zhang , Hui Xu

Due to its importance and widespread use in industry, automated testing of REST APIs has attracted major interest from the research community in the last few years. However, most of the work in the literature has been focused on black-box…

Software Engineering · Computer Science 2023-09-18 Andrea Arcuri , Man Zhang , Juan Pablo Galeotti

RESTful APIs are a type of web services that are widely used in industry. In the last few years, a lot of effort in the research community has been spent in designing novel techniques to automatically fuzz those APIs to find faults in them.…

Software Engineering · Computer Science 2022-07-11 Man Zhang , Andrea Arcuri

With the growth of web applications, REST APIs have become the primary communication method between services. In order to ensure system reliability and security, software quality can be assured by effective testing methods. Black box fuzz…

Software Engineering · Computer Science 2022-01-03 Chung-Hsuan Tsai , Shi-Chun Tsai , Shih-Kun Huang

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes (e.g., 500 HTTP server error status code). However,…

Software Engineering · Computer Science 2026-04-02 Omur Sahin , Man Zhang , Andrea Arcuri

Testing ultra-large microservices-based FinTech systems presents significant challenges, including restricted access to production environments, complex dependencies, and stringent security constraints. We propose SandBoxFuzz, a scalable…

Software Engineering · Computer Science 2025-04-29 Jiazhao Yu , Yanlun Tu , Zhanlei Zhang , Tiehua Zhang , Cheng Xu , Weigang Wu , Hong Jin Kang , Xi Zheng

Fuzzing is an effective bug-finding technique but it struggles with complex systems like JavaScript engines that demand precise grammatical input. Recently, researchers have adopted language models for context-aware mutation in fuzzing to…

Cryptography and Security · Computer Science 2024-02-20 Jueon Eom , Seyeon Jeong , Taekyoung Kwon

Greybox fuzzing is one of the most useful and effective techniques for the bug detection in large scale application programs. It uses minimal amount of instrumentation. American Fuzzy Lop (AFL) is a popular coverage based evolutionary…

Artificial Intelligence · Computer Science 2018-06-12 Ketan Patil , Aditya Kanade

In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these…

Cryptography and Security · Computer Science 2022-05-31 Anastasios Andronidis , Cristian Cadar

Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. After AFL popularized the groundbreaking concept of lightweight coverage feedback, the field of fuzzing has seen a vast amount of scientific…

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the…

Cryptography and Security · Computer Science 2023-03-14 Marcello Maugeri , Cristian Daniele , Giampaolo Bella , Erik Poll

Information leakage is a class of error that can lead to severe consequences. However unlike other errors, it is rarely explicitly considered during the software testing process. LeakFuzzer advances the state of the art by using a…

Software Engineering · Computer Science 2025-01-27 Daniel Blackwell , Ingolf Becker , David Clark

Test flakiness is a common problem in industry, which hinders the reliability of automated build and testing workflows. Most existing research on test flakiness has primarily focused on unit and small-scale integration tests. In contrast,…

Software Engineering · Computer Science 2026-03-31 Man Zhang , Chongyang Shen , Andrea Arcuri , Tao Yue

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and…

Cryptography and Security · Computer Science 2018-07-06 Maksim Shudrak , Vyacheslav Zolotarev
‹ Prev 1 2 3 10 Next ›