poster

A preliminary taxonomy of techniques used in software fuzzing

Authors:

Raunak Shakya,

Akond RahmanAuthors Info & Claims

HotSoS '20: Proceedings of the 7th Symposium on Hot Topics in the Science of Security

Article No.: 14, Pages 1 - 2

https://doi.org/10.1145/3384217.3384219

Published: 21 September 2020 Publication History

Get Access

Abstract

Software fuzzing is a testing technique, which generates erroneous and random input to a software so that the software of interest can be monitored for exceptions such as crashes [1]. Both in the open source software (OSS) and proprietary domain, fuzzing has been widely used to explore software vulnerabilities. For example, information technology (IT) organizations such as Google¹ and Microsoft² use software fuzzing as part of the software development process. As of Jan 2019, GitHub hosts 2,915 OSS repositories related to fuzzing³.

References

[1]

Paul Ammann and Jeff Offutt. 2016. Introduction to software testing. Cambridge University Press.

Google Scholar

[2]

Stuart Anderson, Pauline Allen, Stephen Peckham, and Nick Goodwin. 2008. Asking the right questions: scoping studies in the commissioning of research on the organisation and delivery of health services. Health research policy and systems 6, 1 (2008), 7.

Google Scholar

[3]

Edmund M Clarke and Jeannette M Wing. 1996. Formal methods: State of the art and future directions. ACM Computing Surveys (CSUR) 28, 4 (1996), 626--643.

Digital Library

Google Scholar

[4]

Mark Harman. 2007. The current state and future of search based software engineering. In 2007 Future of Software Engineering. IEEE Computer Society, 342--357.

Google Scholar

[5]

James C King. 1976. Symbolic execution and program testing. Commun. ACM 19, 7 (1976), 385--394.

Digital Library

Google Scholar

[6]

E. S. Mesh and J. S. Hawker. 2013. Scientific software process improvement decisions: A proposed research strategy. In 2013 5th International Workshop on Software Engineering for Computational Science and Engineering (SE-CSE). 32--39.

Crossref

Google Scholar

[7]

Sam Newman. 2015. Building microservices: designing fine-grained systems. "O'Reilly Media, Inc.".

Digital Library

Google Scholar

[8]

Akond Rahman and Laurie Williams. 2019. A Bird's Eye View of Knowledge Needs Related to Penetration Testing (HotSoS '19). Association for Computing Machinery, New York, NY, USA, Article Article 9, 2 pages.

Digital Library

Google Scholar

[9]

E.J. Schwartz, T. Avgerinos, and D. Brumley. 2010. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In 2010 IEEE Symposium on Security and Privacy. 317--331.

Digital Library

Google Scholar

[10]

Moshe Y Vardi. 2009. Conferences vs. journals in computing research. Commun. ACM 52, 5 (2009), 5--5.

Digital Library

Google Scholar

[11]

T. Zimmermann. 2016. Card-sorting: From text to themes. In Perspectives on Data Science for Software Engineering, Tim Menzies, Laurie Williams, and Thomas Zimmermann (Eds.). Morgan Kaufmann, Boston, 137 -- 141.

Crossref

Google Scholar

Cited By

View all

Assiri FAljahdali A(2024)Software Vulnerability Fuzz Testing: A Mutation-Selection Optimization Systematic ReviewEngineering, Technology & Applied Science Research10.48084/etasr.697114:4(14961-14969)Online publication date: 2-Aug-2024
https://doi.org/10.48084/etasr.6971

Index Terms

A preliminary taxonomy of techniques used in software fuzzing
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

Fuzzing for CPS Mutation Testing
ASE '23: Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering

Mutation testing can help reduce the risks of releasing faulty software. For such reason, it is a desired practice for the development of embedded software running in safety-critical cyber-physical systems (CPS). Unfortunately, state-of-the-art test data ...
The Application of Fuzzing in Web Software Security Vulnerabilities Test
ITA '13: Proceedings of the 2013 International Conference on Information Technology and Applications

Web applications need for extensive testing before deployment and use, for early detecting security vulnerabilities to improve the quality of the safety of the software, the purpose of this paper is to research the fuzzing applications in security ...
Finding Software Vulnerabilities by Smart Fuzzing
ICST '11: Proceedings of the 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation

Nowadays, one of the most effective ways to identify software vulnerabilities by testing is the use of fuzzing, whereby the robustness of software is tested against invalid inputs that play on implementation limits or data boundaries. A high number of ...

Comments

Information & Contributors

Information

Published In

HotSoS '20: Proceedings of the 7th Symposium on Hot Topics in the Science of Security

September 2020

189 pages

ISBN:9781450375610

DOI:10.1145/3384217

General Chair:
Perry Alexander
The University of Kansas
,
Program Chairs:
Drew Davidson
The University of Kansas
,
Baek-Young Choi
University of Missouri, Kansas City

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 September 2020

Check for updates

Author Tags

Qualifiers

Poster

Conference

HotSoS '20

HotSoS '20: Hot Topics in the Science of Security

September 21 - 23, 2020

Kansas, Lawrence

Acceptance Rates

Overall Acceptance Rate 34 of 60 submissions, 57%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
81
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Assiri FAljahdali A(2024)Software Vulnerability Fuzz Testing: A Mutation-Selection Optimization Systematic ReviewEngineering, Technology & Applied Science Research10.48084/etasr.697114:4(14961-14969)Online publication date: 2-Aug-2024
https://doi.org/10.48084/etasr.6971

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Fuzzing for CPS Mutation Testing

The Application of Fuzzing in Web Software Security Vulnerabilities Test

Finding Software Vulnerabilities by Smart Fuzzing

Comments

Information

Published In

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations