23. Fuzzer Tracking

“Well, I think if you say you’re going to do something and don’t do it, that’s trustworthiness.”

George W. Bush, in a CNN online chat, August 30, 2000

In previous chapters, we have defined fuzzing, exposed fuzzing targets, enumerated various fuzzing classes, and discussed various methods of data generation. However, we have yet to cover the matter of tracking the progress of our various fuzzer technologies. The notion of fuzzer tracking has not yet received a great deal of attention in the security community. To our knowledge, none of the currently available commercial or freely available fuzzers have addressed this topic.

In this chapter we define fuzzer tracking, also known as code coverage. We discuss its benefits, ...

Get Fuzzing: Brute Force Vulnerability Discovery now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.