fuzzing
Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
A little while back I wrote something similar[0]. Basically I applied AFL principles to the JVM by similarly implementing bytecode instrumentation in the lightest way I could and having "passes" of sorts that manipulated inputs using stages like AFL does. The readme explains the implementation details (I don't really maintain it or use it anymore).
0 - https://github.com/cretz/javan-warty-pig
If you are interested in fuzzing your Java code, you should also have a look at the JQF project, which directly integrates with JUnit tests: https://github.com/rohanpadhye/JQF
Maybe a bit biased opinion here, but you could start with this blog post, and see whether you go more into C/C++ fuzzing or web fuzzing from there:
https://blog.code-intelligence.com/the-magic-behind-feedback...
https://github.com/google/fuzzing