Skip header Section
Skip Bibliometrics Section
Fuzzing for Software Security Testing and Quality AssuranceJanuary 2018
- Authors:
- Ari Takanen,
- Jared D. Demott,
- Charles Miller
Skip Abstract Section
Abstract
This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.
Cited By
- Zhao X, Qu H, Xu J, Li X, Lv W and Wang G (2024). A systematic review of fuzzing, Soft Computing - A Fusion of Foundations, Methodologies and Applications, 28:6, (5493-5522), Online publication date: 1-Mar-2024.
- Kuliamin V (2024). A Survey of Software Dynamic Analysis Methods, Programming and Computing Software, 50:1, (90-114), Online publication date: 1-Feb-2024.
- Zhang F, Wu Q, Xuan B, Chen Y, Lin W, Poskitt C, Sun J and Chen B (2023). Constructing Cyber-Physical System Testing Suites Using Active Sensor Fuzzing, IEEE Transactions on Software Engineering, 49:11, (4829-4845), Online publication date: 1-Nov-2023.
- Yun J, Rustamov F, Kim J and Shin Y (2022). Fuzzing of Embedded Systems: A Survey, ACM Computing Surveys, 55:7, (1-33), Online publication date: 31-Jul-2023.
- Chaleshtari N, Pastore F, Goknil A and Briand L (2023). Metamorphic Testing for Web System Security, IEEE Transactions on Software Engineering, 49:6, (3430-3471), Online publication date: 1-Jun-2023.
- Bousy I, Barr E and Clark D (2023). PopArt: Ranked Testing Efficiency, IEEE Transactions on Software Engineering, 49:4, (2221-2238), Online publication date: 1-Apr-2023.
- Tang B, Shah V, Marojevic V and Reed J (2023). AI Testing Framework for Next-G O-RAN Networks: Requirements, Design, and Research Opportunities, IEEE Wireless Communications, 30:1, (70-77), Online publication date: 1-Feb-2023.
- Li X, Liu X, Chen L, Prajapati R and Wu D FuzzBoost: Reinforcement Compiler Fuzzing Information and Communications Security, (359-375)
- Wang L, Cao C, Ye J, Zhong W and Jain D (2022). RW-Fuzzer, Wireless Communications & Mobile Computing, 2022, Online publication date: 1-Jan-2022.
- Zhang S, Liu S, Sun J, Chen Y, Huang W, Liu J, Liu J and Hao J FIGCPS Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, (555-567)
- Li S, Lin Y, Xie X, Li Y, Li X, Ge W, Liu Y and Dong J A first look at the effect of deep learning in coverage-guided fuzzing Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, (1186-1189)
- Cao Y, Zheng Y, Lin S, Liu Y, Teo Y, Toh Y and Adiga V Automatic HMI structure exploration via curiosity-based reinforcement learning Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, (1151-1155)
- Zakeri Nasrabadi M, Parsa S and Kalaee A (2021). Format-aware learn&fuzz: deep test data generation for efficient fuzzing, Neural Computing and Applications, 33:5, (1497-1513), Online publication date: 1-Mar-2021.
- Tan Z and Lu H A Systemic Review of Kernel Fuzzing Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies, (283-289)
- Zarour M, Alenezi M and Alsarayrah K Software Security Specifications and Design Proceedings of the 24th International Conference on Evaluation and Assessment in Software Engineering, (451-456)
- Hodován R, Kiss Á and Gyimóthy T Grammarinator: a grammar-based open source fuzzer Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, (45-48)
Index Terms
- Fuzzing for Software Security Testing and Quality Assurance
Please enable JavaScript to view thecomments powered by Disqus.