[HN Gopher] The Fuzzing Book
___________________________________________________________________
The Fuzzing Book
Author : chautumn
Score : 134 points
Date : 2025-01-19 11:57 UTC (11 hours ago)
(HTM) web link (www.fuzzingbook.org)
(TXT) w3m dump (www.fuzzingbook.org)
| wslh wrote:
| My 5 cents on fuzzing compilers, and, actually, finding issues
| [1], also share another work we have done using black
| box/pentesting security techniques, including fuzzing in
| Fireblocks [2].
|
| [1] https://www.coinfabrik.com/blog/why-the-fuzz-about-fuzzing-c...
|
| [2] https://www.coinfabrik.com/blog/fireblocks-api-black-box-rev...
| matt_d wrote:
| More on compiler correctness in general:
| https://github.com/MattPD/cpplinks/blob/master/compilers.cor...
| and fuzzing in particular:
| https://github.com/MattPD/cpplinks/blob/master/compilers.cor...
| TypingOutBugs wrote:
| Great content, excited to see the book grow :)
| grajaganDev wrote:
| Agreed - the authors are the top fuzzing experts.
| topato wrote:
| I was just reading about these whacky Germans yesterday, after
| investigating a particularly undescriptive (and still available
| 20 years after its last update) PKG in pacman. It was the
| tool/framework/concept that these guys used in the mid to late
| 90s to fuzz those 2k+ bugs out of Netscape Navigator like they
| mention in the article. Rather ingenious that its fuzzing
| technique allowed them to not only isolate bugs without really
| knowing what behavior triggered it, but it would automatically
| narrow it down to the specific line of code at fault. I'm not
| really doing it justice, even less so because I can't remember
| the name of that tool/framework/technique.... Definitely made me
| rethink my understanding of how underlying systems architecture
| and code actually interact, and what a "bug" truly is. So anyway,
| tl;dr, a coincidence happened to me.
___________________________________________________________________
(page generated 2025-01-19 23:00 UTC)