Fuzzing Weekly
24. March 2023 | CW12
In this paper, we report our findings from using state-of-the-art mutation-based and hybrid fuzzers (AFL, Angora, Honggfuzz, Intriguer, MOpt-AFL, QSym, and SymCC) on a non-trivial code base, that of Contiki-NG, to expose and fix serious vulnerabilities in various layers of its network stack, during a period of more than three years.
From: Clément Poncelet, Konstantinos Sagonas, Nicolas Tsiftes
This article introduces Blender, the new automatic whole-program fuzzer that solves the scalability problem in fuzzing without the need for a human expert to identify and write fuzz target functions. With Blender, it becomes possible to fuzz all buildable binaries on GitHub, making it a game-changer for large code bases.
From: dvyukov
In Other News
- GitHub Copilot X Adopts GPT-4
GitHub Copilot is evolving to bring chat and voice interfaces, support pull requests, answer questions on docs, and adopt OpenAI’s GPT-4 for a more personalized developer experience.
From: Thomas Dohmke
- Fuzzing Finds CVE in Spring.io
Using Jazzer and OSS-Fuzz, security researchers discovered a CVE in the Spring framework that causes a denial of service if exploited.
From: David Merian
This Week's Discussions
- Call to ruby Regex Through C Api From C Code Not Working
From: SomeNerd
- OWASP ZAP Pitchfork?
From: smthamazing
New Tutorial
- Fuzzing Web Applications with Wfuzz
From: Motasem Hamdan
Fuzzing Jobs
- Application Security Engineer
Code Intelligence, Remote
- Security Engineer, Product Security
Meta, Remote
Code Intelligence, Rheinwerkallee 6,
Bonn, NRW 53227, +49 228 28695830