Search results: fuzzing

USENIX Security ’23 – DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing

Authors/Presenters: *Ming Yuan and Bodong Zhao, Penghui Li, Jiashuo Liang, Xinhui Han, Xiapu Luo, Chao Zhang* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations ...
Why fuzzing over formal verification?

Why fuzzing over formal verification?

| | blockchain, fuzzing
By Tarun Bansal, Gustavo Grieco, and Josselin Feist We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal ...
How we applied advanced fuzzing techniques to cURL

How we applied advanced fuzzing techniques to cURL

By Shaun Mirani Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...

USENIX Security ’23 – Dawei Wang, Ying Li, Zhiyu Zhang, Kai Chen – CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and ...

USENIX Security ’23 – Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave (Jing) Tian, Mathias Payer – GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and ...

Continuously fuzzing Python C extensions

| | fuzzing, open source
By Matt Schwager Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...

USENIX Security ’23 – Junjie Wang, Zhiyi Zhang, Shuang Liu, Xiaoning Du, Junjie Chen – FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and ...

USENIX Security ’23 – Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, Thorsten Holz – Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge

Distinguished Paper Award Winner and Runner-Up Winner of the 2023 Internet Defense Prize Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to ...

Master fuzzing with our new Testing Handbook chapter

Our latest addition to the Trail of Bits Testing Handbook is a comprehensive guide to fuzzing: an essential, effective, low-effort method to find bugs in software that involves repeatedly running a program ...
Google software security

Google Pushes Software Security Via Rust, AI-Based Fuzzing

Google is making moves to help developers ensure that their code is secure. The IT giant this week said it is donating $1 million to the Rust Foundation to improve interoperability between ...
Security Boulevard