Awesome Fuzzing – The Ultimate Resource For Enhancing Software Security

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.

The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

Typically, fuzzers are used to test programs that take structured inputs.

A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.

Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!

Books
Papers
Tools
Platform

Books

Fuzzing-101
The Fuzzing Book (2019)
The Art, Science, and Engineering of Fuzzing: A Survey (2019) – Actually, this document is a paper, but it contains more important and essential content than any other book.
Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition (2018)
Fuzzing: Brute Force Vulnerability Discovery, 1st Edition (2007)
Open Source Fuzzing Tools, 1st Edition (2007)

Talks

Fuzzing Labs – Patrick Ventuzelo, Youtube
Effective File Format Fuzzing, Black Hat Europe 2016
Adventures in Fuzzing, NYU Talk 2018
Fuzzing with AFL, NDC Conferences 2018

Papers

To achieve a well-defined scope, I have chosen to include publications on fuzzing in the last proceedings of 4 top major security conferences and others from Jan 2008 to Jul 2019.

It includes (i) Network and Distributed System Security Symposium (NDSS), (ii) IEEE Symposium on Security and Privacy (S&P), (iii) USENIX Security Symposium (USEC), and (iv) ACM Conference on Computer and Communications Security (CCS).

For more information click here.

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.