English
Related papers

Related papers: BackREST: A Model-Based Feedback-Driven Greybox Fu…

200 papers

A fuzzer provides randomly generated inputs to a targeted software to expose erroneous behavior. To efficiently detect defects, generated inputs should conform to the structure of the input format and thus, grammars can be used to generate…

Software Engineering · Computer Science 2020-08-05 Martin Eberlein , Yannic Noller , Thomas Vogel , Lars Grunske

RESTful APIs are arguably the most popular endpoints for accessing Web services. Blackbox testing is one of the emerging techniques for ensuring the reliability of RESTful APIs. The major challenge in testing RESTful APIs is the need for…

Software Engineering · Computer Science 2022-06-28 Yi Liu , Yuekang Li , Gelei Deng , Yang Liu , Ruiyuan Wan , Runchao Wu , Dandan Ji , Shiheng Xu , Minli Bao

LLM inference and serving systems have become security-critical infrastructure; however, many of their most concerning failures arise from the serving layer rather than from model behavior alone. Modern inference engines combine KV cache,…

Cryptography and Security · Computer Science 2026-05-13 Yunze Zhao , Yibo Zhao , Yuchen Zhang , Zaoxing Liu , Michelle L. Mazurek

Fuzzing is a widely used technique for detecting vulnerabilities in smart contracts, which generates transaction sequences to explore the execution paths of smart contracts. However, existing fuzzers are falling short in detecting…

Cryptography and Security · Computer Science 2025-11-18 Jie Chen , Liangmin Wang

Fuzz testing, or "fuzzing," refers to a widely deployed class of techniques for testing programs by generating a set of inputs for the express purpose of finding bugs and identifying security flaws. Grey-box fuzzing, the most popular…

Artificial Intelligence · Computer Science 2018-08-28 Siddharth Karamcheti , Gideon Mann , David Rosenberg

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering…

Cryptography and Security · Computer Science 2019-04-09 Valentin J. M. Manes , HyungSeok Han , Choongwoo Han , Sang Kil Cha , Manuel Egele , Edward J. Schwartz , Maverick Woo

MLFuzz, a work accepted at ACM FSE 2023, revisits the performance of a machine learning-based fuzzer, NEUZZ. We demonstrate that its main conclusion is entirely wrong due to several fatal bugs in the implementation and wrong evaluation…

Cryptography and Security · Computer Science 2024-09-10 Dongdong She , Kexin Pei , Junfeng Yang , Baishakhi Ray , Suman Jana

The emerging data-intensive applications are increasingly dependent on data-intensive scalable computing (DISC) systems, such as Apache Spark, to process large data. Despite their popularity, DISC applications are hard to test. In recent…

Software Engineering · Computer Science 2021-03-10 Qian Zhang , Jiyuan Wang , Muhammad Ali Gulzar , Rohan Padhye , Miryung Kim

REST APIs are widely used in industry, in all different kinds of domains. An example is Volkswagen AG, a German automobile manufacturer. Established testing approaches for REST APIs are time consuming, and require expertise from…

Software Engineering · Computer Science 2026-04-03 Andrea Arcuri , Alexander Poth , Olsi Rrjolli , Philip Garrett , Juan P. Galeotti

Greybox fuzzing is one of the most popular methods for detecting software vulnerabilities, which conducts a biased random search within the program input space. To enhance its effectiveness in achieving deep coverage of program behaviors,…

Software Engineering · Computer Science 2026-05-06 Ruijie Meng , Gregory J. Duck , Abhik Roychoudhury

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

A common way of exposing functionality in contemporary systems is by providing a Web-API based on the REST API architectural guidelines. To describe REST APIs, the industry standard is currently OpenAPI-specifications. Test generation and…

Software Engineering · Computer Science 2023-10-27 Stefan Karlsson , Robbert Jongeling , Adnan Causevic , Daniel Sundmark

A growing body of research has been dedicated to DL model testing. However, there is still limited work on testing DL libraries, which serve as the foundations for building, training, and running DL models. Prior work on fuzzing DL…

Software Engineering · Computer Science 2022-07-13 Yinlin Deng , Chenyuan Yang , Anjiang Wei , Lingming Zhang

Modern embedded Linux devices, such as routers, IP cameras, and IoT gateways, rely on complex software stacks where numerous daemons interact to provide services. Testing these devices is crucial from a security perspective since vendors…

Cryptography and Security · Computer Science 2025-09-23 Alessio Izzillo , Riccardo Lazzeretti , Emilio Coppa

Fuzzing is one of the most effective approaches to finding software flaws. However, applying it to microcontroller firmware incurs many challenges. For example, rehosting-based solutions cannot accurately model peripheral behaviors and thus…

Cryptography and Security · Computer Science 2022-04-20 Wenqiang Li , Jiameng Shi , Fengjun Li , Jingqiang Lin , Wei Wang , Le Guan

Continuous fuzzing is an increasingly popular technique for automated quality and security assurance. Google maintains OSS-Fuzz: a continuous fuzzing service for open source software. We conduct the first empirical study of OSS-Fuzz,…

Software Engineering · Computer Science 2021-03-23 Zhen Yu Ding , Claire Le Goues

Although Rust ensures memory safety by default, it also permits the use of unsafe code, which can introduce memory safety vulnerabilities if misused. Unfortunately, existing tools for detecting memory bugs in Rust typically exhibit limited…

Cryptography and Security · Computer Science 2025-10-28 Georgios Androutsopoulos , Antonio Bianchi

Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on…

Cryptography and Security · Computer Science 2026-04-21 Yihao Zou , Tianming Zheng , Futai Zou , Yue Wu

Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API…

Software Engineering · Computer Science 2026-05-15 Yunlong Lyu , Peng Chen , Fengyi Wu , Junzhe Yu , Kit Long Hon , Hao Chen

Fuzz testing has become a cornerstone technique for identifying software bugs and security vulnerabilities, with broad adoption in both industry and open-source communities. Directly fuzzing a function requires fuzz drivers, which translate…

Software Engineering · Computer Science 2025-10-03 Paschal C. Amusuo , Dongge Liu , Ricardo Andres Calvo Mendez , Jonathan Metzman , Oliver Chang , James C. Davis
‹ Prev 1 3 4 5 6 7 10 Next ›