Google’s OSS-Fuzz Initiative:
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
⚡1
Mira
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent. go get github.com/AmanuelCh/linkpreview It's been indexed on official…
at first the goal was to create a site where I can paste a link and get metadata previews especially the image so that when sharing links on telegram I can attach the image. I looked for packages on npm but turns out most of them are hosted on heroku free version back then and don't work anymore. so I wrote a node code that uses puppeteer headless browser and scrapes the site's metadata. but deploying was quite a hustle and decided to write it in Go. the beauty of Go is you don't need extra setups or hosting providers to publish your packages.