Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests and fuzzing coverage, nudging fuzzers into deeper code paths, and how LLMs can help guide a fuzzer into using better inputs for its testing.

Resources

• https://blog.trailofbits.com/2024/10/31/fuzzing-between-the-lines-in-popular-barcode-software/
• https://github.com/crytic/echidna
• https://github.com/crytic/medusa
• https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html

Show Notes: https://securityweekly.com/asw-336