fuzzing
Introducing Ruzzy, a coverage-guided Ruby fuzzer
By Matt Schwager. Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input ...
Why fuzzing over formal verification?
By Tarun Bansal, Gustavo Grieco, and Josselin Feist. We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal ...
CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling
Learn about CVE-2023-7060, which identified a missing security control in Zephyr OS IP Packet Handling. Get details like remediation advice, exploitation, and impact of the vulnerability.
How we applied advanced fuzzing techniques to cURL
By Shaun Mirani. Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...
Continuously fuzzing Python C extensions
By Matt Schwager. Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...
Master fuzzing with our new Testing Handbook chapter
Our latest addition to the Trail of Bits Testing Handbook is a comprehensive guide to fuzzing: an essential, effective, low-effort method to find bugs in software that involves repeatedly running a program ...
Test mode enhancements to Defensics fuzz testing
The leading fuzz testing tool, Defensics, offers an unlimited mode for more test cases. Read on to learn about test mode enhancements with Synopsys.
Improving the state of Cosmos fuzzing
By Gustavo Grieco. Cosmos is a platform enabling the creation of blockchains in Go (or other languages). Its reference implementation, Cosmos SDK, leverages strong fuzz testing extensively, following two approaches: smart fuzzing ...
Chaos Communication Congress (37C3) recap
Last month, two of our engineers attended the 37th Chaos Communication Congress (37C3) in Hamburg, joining thousands of hackers who gather each year to exchange the latest research and achievements in technology ...
Fuzzing on-chain contracts with Echidna
By Guillermo Larregay and Elvis Skozdopolj. With the release of version 2.1.0 of Echidna, our fuzzing tool for Ethereum smart contracts, we’ve introduced new features for direct retrieval of on-chain data, such ...