Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.
The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
Typically, fuzzers are used to test programs that take structured inputs.
A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.
Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!
Contents
- Books
- Papers
- Tools
- Platform
Books
- Fuzzing-101
- The Fuzzing Book (2019)
- The Art, Science, and Engineering of Fuzzing: A Survey (2019) – Actually, this document is a paper, but it contains more important and essential content than any other book.
- Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition (2018)
- Fuzzing: Brute Force Vulnerability Discovery, 1st Edition (2007)
- Open Source Fuzzing Tools, 1st Edition (2007)
Talks
- Fuzzing Labs – Patrick Ventuzelo, Youtube
- Effective File Format Fuzzing, Black Hat Europe 2016
- Adventures in Fuzzing, NYU Talk 2018
- Fuzzing with AFL, NDC Conferences 2018
Papers
To achieve a well-defined scope, I have chosen to include publications on fuzzing in the last proceedings of 4 top major security conferences and others from Jan 2008 to Jul 2019.
It includes (i) Network and Distributed System Security Symposium (NDSS), (ii) IEEE Symposium on Security and Privacy (S&P), (iii) USENIX Security Symposium (USEC), and (iv) ACM Conference on Computer and Communications Security (CCS).
For more information click here.