Fuzzers for stateful systems: Survey and Research Directions

Cristian Daniele, Seyed Behnam Andarzian, Erik Poll

Fuzzing is a security testing methodology effective in finding bugs. In a nutshell, a fuzzer sends multiple slightly malformed messages to the software under test, hoping for crashes or weird system behaviour. The methodology is relatively simple, although applications that keep internal states are challenging to fuzz. The research community has responded to this challenge by developing fuzzers tailored to stateful systems, but a clear understanding of the variety of strategies is still missing. In this paper, we present the first taxonomy of fuzzers for stateful systems and provide a systematic comparison and classification of these fuzzers.

Knowledge Graph

arrow_drop_up

Comments

Sign up or login to leave a comment