Memory corruption vulnerabilities are an everpresent risk in software, which attackers can exploit to obtain unauthorized access to confidential information. As products with access to sensitive data are becoming more prevalent, the number of potentially exploitable systems is also increasing, resulting in a greater need for automated software vetting tools. DARPA recently funded a competition,...

Fuzzing is a widely-used testing technique to assure software robustness. However, automatic generation of high-quality test suites challenging, especially for that takes in highly-structured inputs, such as the compilers. Compiler fuzzing remains difficult generating tons syntactically and semantically valid programs not trivial. Most previous methods either depend on human-crafted grammars or...

The security research on Windows has received little attention in the academic circle. Most of new methods are usually designed for Linux system and difficult to transplant Windows. Fuzzing programs always suffers from its closed source. Therefore, we need find an appropriate way achieve feedback programs. To our knowledge, there no stable scalable static instrumentation tools yet, dynamic tool...

Fuzzing as a part of the continuous integration is necessary tool, aimed primarily at providing confidence in software being developed. At same time, presence significant amounts source code, fuzzing becomes resource-intensive task. That’s why increasing efficiency to reach needed code sections more quickly without reducing quality an important line research. The article deals with approaches i...

Coverage-guided fuzzing is one of the most effective approaches for discovering software defects and vulnerabilities. It executes all mutated tests from seed inputs to expose coverage-increasing tests. However, executing incurs significant performance penalties---most are discarded because they do not increase code coverage. Thus, determining if a test increases coverage without actually it ben...

Fuzzing is a widely used technique to discover vulnerabilities in software. However, for programs requiring highly structured inputs, the byte-based mutation strategies existing fuzzers have difficulties generating valid inputs. To resolve this challenge, Grammar-Based (GBF) utilizes grammar specifications generate new Some GBFs perform based on Abstract Syntax Trees (ASTs), which can inputs co...