A fuzzer (or fuzzing tool) works by feeding a software application large quantities of random data and analyzing its output for abnormalities and crashes, which give developers a hint about the presence and location of possible bugs in the app's code.
Over the years, Google's security researchers have been some of the biggest promoters of using fuzzing tools to discover not only mundane bugs but also dangerous vulnerabilities that could be exploited by attackers.
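The loop described above, as an added example that is not from the article or from Atheris: random byte strings are fed to a target, documented rejections are ignored, and any other exception is recorded as a crash, deduplicated by where it was raised. The record format, `parse_record`, `parse_record_checked` and `fuzz` are constructed for illustration, and the code uses only the Python standard library.

```python
import random
import traceback

def parse_record(data: bytes) -> bytes:
    """Constructed target: [length][payload...][checksum]. Has a deliberate bug."""
    if not data:
        raise ValueError("empty input")
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]  # BUG: no bounds check, IndexError on short input
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload

def parse_record_checked(data: bytes) -> bytes:
    """Same parser with the declared length validated before indexing."""
    if not data or len(data) < 2 + data[0]:
        raise ValueError("truncated record")
    return parse_record(data)

def fuzz(target, iterations=2000, max_len=16, seed=1):
    """Feed random byte strings to target; return {crash signature: first input}."""
    rng = random.Random(seed)  # seeded so a run can be repeated exactly
    crashes = {}
    for _ in range(iterations):
        data = bytes(rng.randrange(256) for _ in range(rng.randrange(max_len + 1)))
        try:
            target(data)
        except ValueError:
            continue  # documented rejection of malformed input, not a bug
        except Exception as exc:
            # Deduplicate by exception type and the line that raised it,
            # keeping the first input seen as the reproducer.
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            crashes.setdefault((type(exc).__name__, frame.name, frame.lineno), data)
    return crashes

if __name__ == "__main__":
    for signature, reproducer in fuzz(parse_record).items():
        print(signature, reproducer.hex())
    print("checked parser crashes:", len(fuzz(parse_record_checked)))
```

The saved reproducer is what a developer replays against the target to locate the bug; the checked parser run through the same loop reports no crashes.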
Google has open-sourced the Atheris code on GitHub, and the fuzzer is also available on PyPI, the Python package repository.
Going forward, Google says it also plans to add support for Atheris fuzz tests on OSS-Fuzz, a hosted platform that lets developers fuzz open-source projects for security flaws. Previously, this platform supported only C and C++ fuzzing, and it was extremely successful, being used to find thousands of bugs over the years. As of June 2020, OSS-Fuzz has found over 20,000 bugs in 300 open-source projects.