Guide on how to fuzz test software written in the Rust programming language
Experimental fuzzer for PHP libraries. Contribute to nikic/PHP-Fuzzer development by creating an account on GitHub.
GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C - github/cmark-gfm
Curated list of resources on testing distributed systems - asatarin/testing-distributed-systems
In this article I demonstrate how to fuzz test floating point code using libFuzzer.
Top-level description of the AddressSanitizer feature for Microsoft C/C++.
Tech magazine for cybersecurity specialists
CommonMark parsing and rendering library and program in C - swiftlang/swift-cmark
GitHub Repository: https://github.com/msuiche/ruby-square Introduction In May, Microsoft announced a bounty for their new IoT platform called Azure Sphere. The interesting part about it is that it’s created with security in mind, which is a much needed initiative, so we decided to take a look. While we didn’t find any issues worth reporting, we thought it would be a waste not to share what we’ve learned. Hopefully, this will be useful for others wanting to research the platform or those considering using it for their projects.
Going through the steps of using cargo fuzz to find bugs in Rust projects
January 2020 material. Contribute to cppeindhoven/jan-20 development by creating an account on GitHub.
Solving problems that don't need solving, just because it's fun and educating.
Posted by Tavis Ormandy, Project Zero Introduction This is an unusual blog post. I normally wri...
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo...
Dive deep into the special sauce that underpins the Capture SDK: the ring buffer. This post covers the gory technical details.
A step-by-step fuzzing tutorial. A GitHub Security Lab initiative - antonio-morales/Fuzzing101
I turned this blog post into the video Creating grug: the perfect modding language, so I recommend watching that instead.
Allocationless C89 JSON parser. Contribute to MyNameIsTrez/allocationless-c89-json-parser development by creating an account on GitHub.
AFL-based fuzz testing for .NET. Contribute to Metalnem/sharpfuzz development by creating an account on GitHub.
Randomized testing for Go. Contribute to dvyukov/go-fuzz development by creating an account on GitHub.
Using libfuzzer to fuzz an interface by modeling the problem as a virtual machine interpreter.
Inspiration: I wrote my undergrad Thesis on a new distributed fuzzer called Hopper that I built, and I always get the question: "What is a…
Go 1.18 is coming out soon. It's a huge release, but native fuzzing has a special place in my heart. Not much has been written yet on how Go's fuzzing system actually works, so I'll talk a bit about that here.
TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt to cause unexpected behavior. It’s an important, […]
OSS-Fuzz - continuous fuzzing for open source software. - google/oss-fuzz
Documentation for OSS-Fuzz
Use-after-free vulnerabilities are among the most dangerous memory corruption bugs. Learn what they are, how they work, and how to find them.
The WebAssembly Binary Toolkit. Contribute to WebAssembly/wabt development by creating an account on GitHub.
Today, on behalf of the Rust Fuzzing Authority, I’d like to announce new releases of the arbitrary, libfuzzer-sys, and cargo fuzz crates. Collectively, these re...
Contribute to google/atheris development by creating an account on GitHub.
Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In pure Ruby, these bugs may result in unexpected exceptions that could lead to denial of service, and in Ruby C extensions, they […]
Scalable fuzzing infrastructure. Contribute to google/clusterfuzz development by creating an account on GitHub.
Documentation for ClusterFuzzLite
Single-file glTF 2.0 loader and writer written in C99 - jkuhlmann/cgltf
Coverage-guided, in-process fuzzing for the JVM. Contribute to CodeIntelligenceTesting/jazzer development by creating an account on GitHub.
In the first half of 2018, I found a number of security issues in the Trezor One hardware wallet during my master's thesis on fuzzing and verification. Most of the issues were discovered through the powerful combination of fuzzing with libFuzzer and error detection via sanitizers such as Address Sanitizer and Undefined Behavior Sanitizer.
Bitcoin Core integration/staging tree. Contribute to bitcoin/bitcoin development by creating an account on GitHub.
[Edit] I was just told that libFuzzer is deprecated. I think the ideas presented are valid for any fuzzer, but the details will differ. Wh...
Okay, if you’re reading this, you probably know what fuzzing is. As an incredibly reductive summary: fuzzing is an automated, random testing process which tries to explore the state space (e.g., different interpretations of the input or behaviour) of a program under test (PUT; sometimes also SUT, DUT, etc.). Fuzzing is often celebrated as one of the most effective ways to find bugs in programs due to its inherently random nature, which defies human expectation or bias.[1] The strategy has found countless security-critical bugs (think tens or hundreds of thousands) over its 30-odd years of existence, and yet faces regular suspicion from industry and academia alike. [1] Mostly. Fuzzers can be overfit to certain applications, intentionally or not.
Documentation for ClusterFuzz
A few days ago I published a short post about two bugs I wrote while developing the C++ external scanner for my TLA⁺ tree-sitter grammar. Reactions were mixed! Many people were supportive, but there were of course the usual drive-by claims by developers that the bugs were trivial, they would’ve found & fixed them inside of 20 minutes, and I was laughably incompetent for having written them in the first place. Maybe so! I’m a fan of formal methods primarily so I don’t have to be a genius to write correct code. In that same vein of building tools to save us from ourselves, one user suggested building the tree-sitter grammar with the LLVM address & undefined behavior sanitizers enabled. I’d used valgrind a long time ago but had never played around with sanitizers. I was also doing some closely-associated work to build the grammar for fuzzing with LLVM’s libFuzzer, so it seemed a fun detour to check whether those sanitizers would have saved me days of debugging pain!
In this post, we attack the Nest Hub (2nd Gen), an always-connected smart home display from Google, in order to boot a custom OS. First, we explore both hardware and software attack surface in search of security vulnerabilities that could permit arbitrary code execution on the device. Then, using a …
Maxime Chevalier-Boisvert requested resources for learning about fuzzing programming language implementations on Twitter:
A blog about computer science, systems, technology, and sometimes vegan cooking.
The White House calls for an audit of the security of open source software. Part 2/3: automated auditing of projects.
Intro The architectures of software fuzzing setups that authors of security fuzzing tools had originally implemented were fairly simple. I...
Mozilla has been fuzzing Firefox for a while. It has proven to be one of the most efficient ways to identify quality and security issues.
Curated list of resources on testing distributed systems
General purpose TLS and crypto library. Contribute to openssl/openssl development by creating an account on GitHub.
A revolutionary coverage-driven fuzzer credited with finding countless vulnerabilities in open-source code.
CommonMark parsing and rendering library and program in C - commonmark/cmark
Accuracy and availability are important for any database management system. Learn about Yugabyte’s rigorous testing process for our core database product.
Quilt implemented in C++. Contribute to skeeto/quilt.cpp development by creating an account on GitHub.
Memory safety is a property of some programming languages that prevents programmers from introducing certain types of bugs related to how memory is used. Since memory safety bugs are often security issues, memory safe languages are more secure than languages that are not memory safe. Memory safe languages include Rust, Go, C#, Java, Swift, Python, and JavaScript. Languages that are not memory safe include C, C++, and assembly. Types of Memory Safety Bugs: To begin understanding memory safety bugs, we'll consider the example of an application that maintains to-do lists for many users. We'll look at a couple of the most common types of memory safety errors that can occur in programs that are not memory safe.