The Fuzzing Book
Welcome to “The Fuzzing Book”! Software has bugs, and catching bugs can involve lots of effort. This book addresses this problem by automating software testing, specifically by generating tests automatically. Recent years have seen the development of novel techniques that lead to dramatic improvements in test generation and software testing. They now are mature enough to be assembled in a book – even with executable code.
from bookutils import YouTubeVideo
YouTubeVideo("w4u5gCgPlmg")
A Textbook for Paper, Screen, and Keyboard
You can use this book in multiple ways:
You can read chapters in your browser. Check out the list of chapters in the menu above, or start right away with the introduction to testing or the introduction to fuzzing.
You can interact with chapters as Jupyter Notebooks. This allows you to edit and extend the code, experimenting live in your browser. Select “Binder” at the top of any chapter. Try interacting with the introduction to fuzzing.
You can use the code in your own projects. You can download and install the code and/or the notebooks on your machine. These code files can be executed, yielding (hopefully) the same results as the notebooks.
Who this Book is for
This work is designed as a textbook for a course in software testing or security testing; as supplementary material in a software testing, security testing, or software engineering course; and as a resource for software developers. We cover random fuzzing, mutation-based fuzzing, grammar-based test generation, symbolic testing, and much more, illustrating all techniques with code examples that you can try out yourself.
News
This book is a work in progress. All chapters planned are out now, but we keep on refining text and code with minor and major releases. To get notified about updates, follow us on Mastodon.
Frequently Asked Questions
Troubleshooting
Why does it take so long to start an interactive notebook?
The interactive notebook uses the mybinder.org service, which runs notebooks on their own servers. Starting Jupyter through mybinder.org normally takes about 30 seconds, depending on your Internet connection. If, however, you are the first to invoke binder after a book update, binder recreates its environment, which will take a few minutes. Subsequent launches will be much faster.
The interactive notebook does not work!
mybinder.org imposes a limit of 100 concurrent users for a repository. Also, as listed on the mybinder.org status and reliability page,
As mybinder.org is a research pilot project, the main goal for the project is to understand usage patterns and workloads for future project evolution. While we strive for site reliability and availability, we want our users to understand the intent of this service is research and we offer no guarantees of its performance in mission critical uses.
Do I have alternatives to the interactive notebook?
If mybinder.org does not work or match your needs, you can download the code and/or notebooks and run them on your machine.
Can I run the code on my Windows machine?
We try to keep the code as general as possible, but occasionally, when we interact with the operating system, we assume a Unix-like environment (because that is what Binder provides). To run these examples on your own Windows machine, you can install a Linux Subsystem or a Linux Virtual Machine.
Can’t you run your own dedicated cloud service?
Technically, yes; but this would cost money and effort, which we’d rather spend on the book at this point. If you’d like to host a JupyterHub or BinderHub instance for the public, please do so and let us know.
Content
Can I use your code in my own programs?
Yes! See the installation instructions for details.
Which content has come up?
See the release notes for details.
How do I cite your work?
Here’s how to cite it:
Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, and Christian Holler: “The Fuzzing Book”. CISPA Helmholtz Center for Information Security, 2024.
Here’s a BibTeX entry for simpler citation:
@book{fuzzingbook2024,
author = {Andreas Zeller and Rahul Gopinath and Marcel B{\"o}hme and Gordon Fraser and Christian Holler},
title = {The Fuzzing Book},
year = {2024},
publisher = {CISPA Helmholtz Center for Information Security},
howpublished = {\url{https://www.fuzzingbook.org/}},
url = {https://www.fuzzingbook.org/},
}
Can you cite my paper? And possibly write a chapter about it?
We’re always happy to get suggestions! If we missed an important reference, we will of course add it. If you’d like specific material to be covered, the best way is to write a notebook yourself; see our Guide for Authors for instructions on coding and writing. We can then refer to it or even host it.
Teaching and Coursework
Can I use your material in my course?
Of course! Just respect the license (including attribution and share alike). If you want to use the material for commercial purposes, contact us.
Can I extend or adapt your material?
Yes! Again, please see the license for details.
How can I run a course based on the book?
We have successfully used the material in various courses.
Initially, we used the slides and code and did live coding in lectures to illustrate how a technique works.
Now, the goal of the book is to be completely self-contained; that is, it should work without additional support. Hence, we now give out completed chapters to students in a flipped classroom setting, with the students working on the notebooks at their leisure. We would meet in the classroom to discuss experiences with past notebooks and discuss future notebooks.
We have the students work on exercises from the book or work on larger (fuzzing) projects. We also have students who use the book as a base for their research; indeed, it is very easy to prototype in Python for Python.
When running a course, do not rely on mybinder.org – it will not provide sufficient resources for a larger group of students. Instead, install and run your own hub.
Are there specific subsets I can focus on?
We have compiled a number of tours through the book for various audiences. Our Sitemap lists the dependencies between the individual chapters.
Do you provide PDFs of your material?
At this point, we do not provide support for PDF versions. We will be producing PDF and print versions after the book is complete.
Other Issues
I have a question, comment, or a suggestion. What do I do?
You can post to @TheFuzzingBook@mastodon.social on Mastodon, allowing the community of readers to chime in. For bugs that you’d like to get fixed, report an issue on the development page.
I reported an issue two weeks ago. When will it be addressed?
We prioritize issues as follows:
1. Bugs in code published on fuzzingbook.org
2. Bugs in text published on fuzzingbook.org
3. Writing missing chapters
4. Issues in yet unpublished code or text
5. Issues related to development or construction
6. Things marked as “beta”
7. Everything else
How can I solve problems myself?
We’re glad you asked. The development page has all sources and some supplementary material. Pull requests that fix issues are very welcome.
How can I contribute?
Again, we’re glad you’re here! We are happy to accept:
Code fixes and improvements. Please place any code under the MIT license such that we can easily include it.
Additional text, chapters, and notebooks on specialized topics. We plan to set up a special folder for third-party contributions.
See our Guide for Authors for instructions on coding and writing.