Fuzzing Java in OSS-Fuzz

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Junit Java Testing mutation-analysis Quickcheck

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • PIT

    State of the art mutation testing system for the JVM

    • Another great tool is Pitest for mutation testing on the JVM (make coverage more meaningful) https://github.com/hcoles/pitest

  • jazzer

    Discontinued Coverage-guided, in-process fuzzing for the JVM

    • One of the authors of Jazzer here. Feel free to ask any questions regarding Jazzer (https://github.com/CodeIntelligenceTesting/jazzer) or how to integrate Java/JVM projects into OSS-Fuzz.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • junit-quickcheck

    Property-based testing, JUnit-style

    • If you want an easy way to have better mutation coverage, check out property based testing. Eg junit-quickcheck for Java.

    https://github.com/pholser/junit-quickcheck

  • libfuzzer-workshop

    Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.

    • That depends on the language you want to fuzz. A good general introduction and hands-on "course" for C/C++ is https://github.com/Dor1s/libfuzzer-workshop. If you prefer Java and just want to get a feeling for how concrete fuzz targets can look like, take a look at the Jazzer examples at https://github.com/CodeIntelligenceTesting/jazzer/tree/main/....

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts