Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.

The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

Typically, fuzzers are used to test programs that take structured inputs.

A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.

Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!


  • Books
  • Papers
  • Tools
  • Platform




To achieve a well-defined scope, I have chosen to include publications on fuzzing in the last proceedings of 4 top major security conferences and others from Jan 2008 to Jul 2019.

It includes (i) Network and Distributed System Security Symposium (NDSS), (ii) IEEE Symposium on Security and Privacy (S&P), (iii) USENIX Security Symposium (USEC), and (iv) ACM Conference on Computer and Communications Security (CCS).

For more information click here.