ETD

Digital archive of theses defended at the Università di Pisa

Thesis etd-05302023-113912


Thesis type
Master's degree thesis
Author
MORUCCI, DAVIDE
URN
etd-05302023-113912
Title
Comparative Analysis of Greybox and Blackbox Fuzzing Methods for C# Software Testing, using the AFL-based Approach
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
CYBERSECURITY
Supervisors
supervisor Prof. Perazzo, Pericle
tutor Dr. Brocchini, Massimiliano
Keywords
  • fuzzy testing
Session start date
16/06/2023
Availability
Thesis not available for consultation
Abstract
Fuzz testing is a software testing technique that involves sending random or mutated inputs to a program to detect bugs or vulnerabilities. In recent years, it has gained increasing popularity among developers and beyond. AFL++ is one of the most well-known and powerful fuzzing tools; it uses various techniques to maximize code coverage and discover new bugs. In the same context, SharpFuzzer, originally a fork of AFL, is used specifically for testing native .NET programs.
Our objective was to evaluate the capabilities of these two state-of-the-art tools by testing them on a series of in-house .NET applications at Vianova, with the aim of assessing the effectiveness and validity of a fuzzer like AFL++/SharpFuzzer. The applications tested were modified and expanded with a series of additional modules so that they could be tested effectively with the two fuzzers.
The results obtained during testing confirmed our expectations regarding the effectiveness and validity of a greybox fuzzer compared to a blackbox fuzzer, while also highlighting a serious issue related to blackbox fuzzing with QEMU (AFL++), which was duly documented and reported to the tool's developers.
File