Awesome Fuzzing – The Ultimate Resource For Enhancing Software Security

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.

The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

Typically, fuzzers are used to test programs that take structured inputs.

A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.

Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!

Books
Papers
Tools
Platform

Books

Fuzzing-101
The Fuzzing Book (2019)
The Art, Science, and Engineering of Fuzzing: A Survey (2019) – Actually, this document is a paper, but it contains more important and essential content than any other book.
Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition (2018)
Fuzzing: Brute Force Vulnerability Discovery, 1st Edition (2007)
Open Source Fuzzing Tools, 1st Edition (2007)

Talks

Fuzzing Labs – Patrick Ventuzelo, Youtube
Effective File Format Fuzzing, Black Hat Europe 2016
Adventures in Fuzzing, NYU Talk 2018
Fuzzing with AFL, NDC Conferences 2018

Papers

To achieve a well-defined scope, I have chosen to include publications on fuzzing in the last proceedings of 4 top major security conferences and others from Jan 2008 to Jul 2019.

It includes (i) Network and Distributed System Security Symposium (NDSS), (ii) IEEE Symposium on Security and Privacy (S&P), (iii) USENIX Security Symposium (USEC), and (iv) ACM Conference on Computer and Communications Security (CCS).

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.