Explore >> Select a destination
|
You are here 
|
www.serpentine.com | ||
| | | | |
secret.club
|
|
| | | | | Okay, if you're reading this, you probably know what fuzzing is. As an incredibly reductive summary: fuzzing is an automated, random testing process which tries to explore the state space (e.g., different interpretations of the input or behaviour) of a program under test (PUT; sometimes also SUT, DUT, etc.). Fuzzing is often celebrated as one of the most effective ways to find bugs in programs due to its inherently random nature, which defies human expectation or bias1. The strategy has found countless security-critical bugs (think tens or hundreds of thousands) over its 30-odd-years of existence, and yet faces regular suspicion from industry and academia alike. Mostly. Fuzzers can be overfit to certain applications, intentionally or not.? | |
| | | | |
tonsky.me
|
|
| | | | | Modern extension to classic 2003 article by Joel Spolsky | |
| | | | |
actually.fyi
|
|
| | | | | Doubling UTF-8 validation speed by expanding the DFA. | |
| | | | |
fluffyandflakey.blog
|
|
| | | A while ago I wrote about Rooting out Gremlins on text which was corrupted in a common way by accidentally double-encoding UTF-8. At the time I wrote that post I had really wanted to automate the fixing of these strings, but I couldn't think through how to do it; thankfully the right idea finally came... | ||
