Why fuzzing over formal verification?

blockchain, fuzzing
By Tarun Bansal, Gustavo Grieco, and Josselin Feist
We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal ...

CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling

Learn about CVE-2023-7060, which identified a missing security control in Zephyr OS IP Packet Handling. Get details like remediation advice, exploitation, and impact of the vulnerability.

How we applied advanced fuzzing techniques to cURL

By Shaun Mirani
Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...

Continuously fuzzing Python C extensions

fuzzing, open source
By Matt Schwager
Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...

Master fuzzing with our new Testing Handbook chapter

Our latest addition to the Trail of Bits Testing Handbook is a comprehensive guide to fuzzing: an essential, effective, low-effort method to find bugs in software that involves repeatedly running a program ...

Test mode enhancements to Defensics fuzz testing

The leading fuzz testing tool, Defensics, offers an unlimited mode for more test cases. Read on to learn about test mode enhancements with Synopsys.

Improving the state of Cosmos fuzzing

fuzzing, Go
By Gustavo Grieco
Cosmos is a platform enabling the creation of blockchains in Go (or other languages). Its reference implementation, Cosmos SDK, leverages strong fuzz testing extensively, following two approaches: smart fuzzing ...

Chaos Communication Congress (37C3) recap

Last month, two of our engineers attended the 37th Chaos Communication Congress (37C3) in Hamburg, joining thousands of hackers who gather each year to exchange the latest research and achievements in technology ...

Fuzzing on-chain contracts with Echidna

blockchain, fuzzing
By Guillermo Larregay and Elvis Skozdopolj
With the release of version 2.1.0 of Echidna, our fuzzing tool for Ethereum smart contracts, we’ve introduced new features for direct retrieval of on-chain data, such ...

cURL audit: How a joke led to significant findings

audits, fuzzing
By Maciej Domanski
In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. The project coincided with a Trail of ...