Hands-on fuzzing of open source project
Fuzz testing, or fuzzing, is the automated testing of software by providing ran- dom inputs to the program under test. With advances in fuzzing research and ready-made fuzzers like AFL++, fuzzing has became a powerful tool in software testing. This final year project first explores the idea of im...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/174961 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-174961 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1749612024-04-19T15:45:58Z Hands-on fuzzing of open source project Zhou, Yiqi Liu Yang Wu Hongjun School of Computer Science and Engineering School of Physical and Mathematical Sciences yangliu@ntu.edu.sg, wuhj@ntu.edu.sg Computer and Information Science Fuzzing Fuzz testing AFL++ Fuzz testing, or fuzzing, is the automated testing of software by providing ran- dom inputs to the program under test. With advances in fuzzing research and ready-made fuzzers like AFL++, fuzzing has became a powerful tool in software testing. This final year project first explores the idea of improving fuzzing speed by parallelizing the input generation part of the fuzzer in the fuzzing library LibAFL. It includes an analysis of the fuzzing process from a performance per- spective and reasoning of why this parallelization idea ultimately cannot work. Then, the project pivots to applying ready-made fuzzing tool AFL++ to fuzz an open source software. The report details all parts of this fuzzing campaign: preparation of environment, development of custom fuzzing harness, monitoring and optimization of fuzzing process, crash triage, and disclosure. Several bugs were identified as a result of this fuzzing campaign. Above all else, this project is a learning process for me to dive into the topic of fuzzing. Bachelor's degree 2024-04-17T07:28:34Z 2024-04-17T07:28:34Z 2024 Final Year Project (FYP) Zhou, Y. (2024). Hands-on fuzzing of open source project. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/174961 https://hdl.handle.net/10356/174961 en application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Computer and Information Science Fuzzing Fuzz testing AFL++ |
| spellingShingle |
Computer and Information Science Fuzzing Fuzz testing AFL++ Zhou, Yiqi Hands-on fuzzing of open source project |
| description |
Fuzz testing, or fuzzing, is the automated testing of software by providing ran-
dom inputs to the program under test. With advances in fuzzing research and
ready-made fuzzers like AFL++, fuzzing has became a powerful tool in software
testing. This final year project first explores the idea of improving fuzzing speed
by parallelizing the input generation part of the fuzzer in the fuzzing library
LibAFL. It includes an analysis of the fuzzing process from a performance per-
spective and reasoning of why this parallelization idea ultimately cannot work.
Then, the project pivots to applying ready-made fuzzing tool AFL++ to fuzz
an open source software. The report details all parts of this fuzzing campaign:
preparation of environment, development of custom fuzzing harness, monitoring
and optimization of fuzzing process, crash triage, and disclosure. Several bugs
were identified as a result of this fuzzing campaign. Above all else, this project
is a learning process for me to dive into the topic of fuzzing. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Zhou, Yiqi |
| format |
Final Year Project |
| author |
Zhou, Yiqi |
| author_sort |
Zhou, Yiqi |
| title |
Hands-on fuzzing of open source project |
| title_short |
Hands-on fuzzing of open source project |
| title_full |
Hands-on fuzzing of open source project |
| title_fullStr |
Hands-on fuzzing of open source project |
| title_full_unstemmed |
Hands-on fuzzing of open source project |
| title_sort |
hands-on fuzzing of open source project |
| publisher |
Nanyang Technological University |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/174961 |
| _version_ |
1800916242130796544 |