Authors: Gustavo Grieco; Martín Ceresa; Pablo Buiras.
Resumen: Fuzzing is a technique that involves testing programs using invalidor erroneous inputs. Most fuzzers require a set of valid inputs as astarting point, in which mutations are then introduced. QuickFuzzis a fuzzer that leverages QuickCheck-style random test-case gen-eration to automatically test programs that manipulate common fileformats by fuzzing. We rely on existing Haskell implementations offile-format-handling libraries found on Hackage, the community-driven Haskell code repository. We have tried QuickFuzz in thewild and found that the approach is effective in discovering vul-nerabilities in real-world implementations of browsers, image pro-cessing utilities and file compressors among others. In addition, weintroduce a mechanism to automatically derive random generatorsfor the types representing these formats. QuickFuzz handles mostwell-known image and media formats, and can be used to test pro-grams and libraries written in any language.
Meeting type: Simposio.
Type of job: Artículo Completo.
Production: QuickFuzz: an automatic random fuzzer for common file formats.
Scientific meeting: International Symposium on Haskell.
Meeting place: Nara.
It's published?: Yes
Publication place: New York, NY, USA
Meeting month: 9