fuzzing
Fuzzing between the lines in popular barcode software
By Artur Cygan Fuzzing—one of the most successful techniques for finding security bugs, consistently featured in articles and industry conferences—has become so popular that you may think most important software has already ...
Finding mispriced opcodes with fuzzing
By Max Ammann Fuzzing—a testing technique that tries to find bugs by repeatedly executing test cases and mutating them—has traditionally been used to detect segmentation faults, buffer overflows, and other memory corruption ...
Understanding AddressSanitizer: Better memory safety for your code
By Dominik Klemba and Dominik Czarnota This post will guide you through using AddressSanitizer (ASan), a compiler plugin that helps developers detect memory issues in code that can lead to remote code ...
Using benchmarks to speed up Echidna
By Ben Siraphob During my time as a Trail of Bits associate last summer, I worked on optimizing the performance of Echidna, Trail of Bits’ open-source smart contract fuzzer, written in Haskell ...
Curvance: Invariants unleashed
By Nat Chin Welcome to our deep dive into the world of invariant development with Curvance. We’ve been building invariants as part of regular code review assessments for more than 6 years ...
Introducing Ruzzy, a coverage-guided Ruby fuzzer
By Matt Schwager Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input ...
Why fuzzing over formal verification?
By Tarun Bansal, Gustavo Grieco, and Josselin Feist We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal ...
CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling
Learn about CVE-2023-7060, which identified a missing security control in Zephyr OS IP Packet Handling. Get details like remediation advice, exploitation, and impact of the vulnerability. The post CyRC Vulnerability Advisory: CVE-2023-7060 ...
How we applied advanced fuzzing techniques to cURL
By Shaun Mirani Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...
Continuously fuzzing Python C extensions
By Matt Schwager Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...
