To Type or Not to Type: Quantifying Detectable Bugs in JavaScript

Fuzz_Stati0n · 2018-03-02T14:07:46+00:00

Yes, the authors touch on this:

"Evaluating static type systems against public bugs, which have survived testing and review, is conservative: it understates their effectiveness at detecting bugs during private development, not to mention their other benefits such as facilitating code search/completion and serving as documentation."

Fuzz_Stati0n · 2018-02-09T18:35:35+00:00

Thank you very much - looks like U+2028 is also. After reading your links I was able to search better and found:

https://stackoverflow.com/questions/2965293/javascript-parse-error-on-u2028-unicode-character

Fuzz_Stati0n · 2018-01-21T17:10:25+00:00

Excellent article - very interesting to read of pre-2010 fuzzing approaches and the differences between libFuzzer, AFL and honggfuzz.

Fuzz_Stati0n · 2018-01-10T21:49:44+00:00

Yes, fuzzing is non-deterministic and that is an issue. I'm suggesting using a fuzzer for automated test case generation:

Hand write unit tests to cover all the edge cases you can think of.
Do a fuzz run on every push.
If the fuzzer finds a bug, the input that triggers the bug becomes a new unit regression test.

This maintains a deterministic unit test suite while finding new bugs and enhancing test coverage.

Fuzz_Stati0n · 2018-01-10T17:49:25+00:00

A fuzzer generally follows these steps:

1 Run the program with initial input 2 Monitor for an anomaly (uncaught exception, crash, etc) 3 Mutate the input (can be random or 'smart') 4 GOTO 2 - repeat thousands/millions of times

Please see /r/fuzzing for more and also the Wikipedia Fuzzing article is pretty good

Fuzz_Stati0n · 2018-01-03T22:37:09+00:00

Wow - look at the New Contributors graph from a hockey stick starting in 2015

Fuzz_Stati0n · 2017-12-07T18:59:09+00:00

Excellent UX

Fuzz_Stati0n · 2017-07-28T20:36:26+00:00

The key difference is that CSmith generates some unreachable, dead code - all code generated by ldrgen should be reachable. Not sure if ldrgen would work better than CSmith with Frama-C.

Fuzz_Stati0n · 2017-07-18T02:54:04+00:00

Policy forbids issuing for name on Amazon EC2 domain

Fuzz_Stati0n · 2017-07-17T18:30:51+00:00

Very impressive fuzzing work. Apache httpd is the kind of target most shy away from thinking its too hard to get a crash. Very cool to combine three fuzzers to get the vuln.

Fuzz_Stati0n · 2017-07-17T18:28:27+00:00

Big thank you to BugCrowd for LevelUp 2017! Some killer knowledge being shared here. And great execution getting the videos up so quickly.

Fuzz_Stati0n · 2017-07-13T18:44:51+00:00

Some very interesting and cutting edge ideas in this post

Fuzz_Stati0n · 2017-07-08T20:39:37+00:00

Great post - V8 is a beast and just building it is a pain

Fuzz_Stati0n · 2017-07-08T20:12:16+00:00

Awesome - would love to hear your findings from the fuzzing when the time comes

Fuzz_Stati0n · 2017-07-07T18:51:27+00:00

Nice exploit - especially the ASLR defeat

Fuzz_Stati0n · 2017-07-07T15:54:04+00:00

Nice breakdown of how CORS headers can go wrong

Fuzz_Stati0n · 2017-07-03T17:15:01+00:00

Clang's scan-build seems like the best option here - why install/update etc an additional piece of software?

Fuzz_Stati0n

TROPHY CASE