Review of Fuzz Testing to Find System Vulnerabilities
Document Type
Article
Publication Date
2024
DOI
10.61278/itea.45.4.1005
Publication Title
The ITEA Journal of Test and Evaluation
Volume
45
Issue
4
Pages
1-24
Abstract
Fuzzing is an important new test and evaluation (T&E) approach to find information technology vulnerabilities, one that is undergoing rapid research development and improving utility. However, awareness of fuzz testing is limited in the broader test community. This article reviews a technical track held during the 2024 Cybersecurity Workshop by the International Test and Evaluation Association (ITEA) and relates those presentations to the research literature on fuzz test techniques. The track was chaired by Dr Mike Shields and titled ‘Fuzzing to Find Unknown Vulnerabilities’, with four presentations concerning the evolution of fuzzing tools from the Vader Modular Fuzzer (VMF) through the G-QEMU (GQ) fuzzing engines to modern Hybrid Fuzzing like the Multi-Arm Bandit fuzzing engine. The final presentation was on work sponsored by the Test Resource Management Centre (TRMC) to measure and compare fuzzing engine performance, building on significant research development of fuzz test benches. In the discussion on fuzz testing research trends, a new AI-enabled literature analysis tool known as LitMaps® is used to examine what such approaches offer to those characterizing trends in a fast-paced research area like fuzz testing. This research hopes to encourage further submissions by fuzz testers on best practices in detecting vulnerabilities to build digital sovereignty through better cyber resilience.
Rights
© 2024 International Test and Evaluation Association. All rights reserved.
Included with the kind written permission of the copyright holder.
ORCID
0000-0001-6081-3239 (Joiner)
Original Publication Citation
Joiner, K. (2024). Review of fuzz testing to find system vulnerabilities. The ITEA Journal of Test and Evaluation, 45(4), 1-24. https://doi.org/10.61278/itea.45.4.1005
Repository Citation
Joiner, Keith, "Review of Fuzz Testing to Find System Vulnerabilities" (2024). Engineering Management & Systems Engineering Faculty Publications. 223.
https://digitalcommons.odu.edu/emse_fac_pubs/223