Cybersecurity paper about Fuzzing Methods
Tim DudeAn academic paper about the cybersecurity method of Fuzzing.
Fuzzing, also known as fuzz testing, is an automated software testing technique used to find errors, bugs, and vulnerabilities in computer applications. It involves providing invalid, unexpected, or random data as inputs to a program and monitoring it for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Fuzzing is typically used to test programs that take structured inputs, and it generates semi-valid inputs that are "valid enough" to expose vulnerabilities. Fuzzing is used mostly as an automated technique to expose vulnerabilities in security-critical programs that might be exploited with malicious intent. It is a black box testing technique that is carried out without the knowledge of the subject program's internal structure. Fuzzing is an effective technique to demonstrate the presence of bugs rather than their absence.
This paper presents a summary of recent advances in fuzzing, analyzes how they improve the fuzzing process, and sheds light on future work in fuzzing. The paper provides an overview of the different types of fuzzing techniques, such as black-box, white-box, and grey-box fuzzing, and discusses their strengths and weaknesses. It also covers the different types of inputs that can be used for fuzzing, such as file formats, network protocols, and user inputs. The paper concludes with a discussion of the challenges and future directions of fuzzing research.