Best Fuzz Testing Tools for C++

OSS-Fuzz provides continuous fuzzing to open source software. Fuzz testing is an established technique for detecting programming errors in software. Many of these detectable mistakes, such as buffer overflow, have serious security implications. Google has discovered thousands of security flaws and stability bugs through guided in-process fuzzing of Chrome components. We now want to share this service with the open-source community. OSS-Fuzz aims at making open source software more stable and secure by combining modern fuzzing with scalable, distributive execution. ClusterFuzzLite or ClusterFuzz is available for projects that do not qualify to use OSS-Fuzz. OSS-Fuzz currently supports C/C++ code, Rust code, Go code, Python code, and Java/JVM. Other languages supported by LLVM could also work. OSS-Fuzz can fuzz both x86_64 builds and i386 versions.

Fuzzing can be a powerful way to find software bugs. The idea is simple: generate a large amount of randomly malformed data for the software to parse, and then see what happens. If the program crashes, then something is wrong. It is surprising how easy it is to find bugs in widely used software, even though fuzzing is an established strategy. Memory access errors will be the most common errors found when fuzzing C/C++ software. The core problem, while they may differ in details, is usually the same: the software reads or write to the wrong memory location. Modern Linux or BSD systems ship with a number of basic tools which display and parse files. Most of these tools, in their current state are not suitable for untrusted data. On the other hand we have powerful tools today that allow us find and analyze these bug.

LibFuzzer, a coverage-guided evolutionary fuzzing tool, is a fuzzing engine that works in the background. LibFuzzer links with the library being tested and feeds fuzzed data to the library through a specific fuzzing target function. The fuzzer tracks the code coverage and generates mutations based on the input data to maximize it. SanitizerCoverage, an instrumentation of LLVM, provides code coverage information. LibFuzzer will still be fully supported, in that important bugs are fixed. To use libFuzzer with a library, you must first implement a fuzz-target. This is a function which accepts an array and performs something interesting using the API being tested. This fuzz target is not dependent on libFuzzer, so it can be used with other fuzzing engine like AFL or Radamsa.

American fuzzy lop, a security-oriented fuzzer, uses a novel form of compile-time tooling and genetic algorithms to discover clean test cases that trigger internal states within the binary. This improves the functional coverage of the fuzzed codes. The compact corpora generated by the tool can also be used to seed other, more resource-intensive or labor-intensive testing regimes in the future. Afl-fuzz, in comparison to other instrumented fuzzers, is designed to be practical. It has a modest overhead, uses highly effective fuzzing techniques and effort minimization tricks. It requires little configuration and handles complex real-world use-cases, such as common image parsing and file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.

The Fuzzbuzz testing workflow is very similar with other CI/CD test workflows. Fuzz testing is different from other testing workflows in that it requires multiple jobs to be run simultaneously. This results in some extra steps. Fuzzbuzz provides a fuzz-testing platform. We make it easy for developers to add fuzz testing to their code, and run them within CI/CD. This helps them find critical bugs and vulnerabilities prior to production. Fuzzbuzz integrates seamlessly into your environment. It follows you from the terminal through to CI/CD. Use your own terminal, IDE, or build tool to write a fuzztest in your environment. Fuzzbuzz will run your fuzz tests automatically against your latest code changes when you push to CI/CD. You can be notified via Slack, GitHub or email when bugs are discovered. Regressions are caught as new changes and previous runs are automatically compared. Fuzzbuzz builds and instruments code as soon as changes are detected.

Our platform uses a variety of security techniques, including feedback-based fuzz testing and coverage-guided fuzz testing, in order to generate millions upon millions of test cases that trigger difficult-to-find bugs deep in your application. This white-box approach helps to prevent edge cases and speed up development. Advanced fuzzing engines produce inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Only uncover true vulnerabilities. You will need the stack trace and input to prove that you can reproduce errors reliably every time. AI white-box testing is based on data from all previous tests and can continuously learn the inner workings of your application. This allows you to trigger security-critical bugs with increasing precision.

CI Fuzz provides robust and secure code, with 100% test coverage. Use CI Fuzz on the command line, or in your favorite IDE to generate thousands of automated test cases. CI Fuzz analyzes the code as it runs. It's like a unit-test, but with AI to cover all paths in the code. Say goodbye to false positives and theoretical issues. Find real issues and get all the information you need to reproduce them quickly and fix them. Test your code with maximum coverage and automatically detect typical security bugs such as injections and remote executions. Deliver the highest-quality software by being fully covered. CI Fuzz allows you to perform real-time code analyses. Unit tests at the next level. It uses AI to generate thousands of test cases and comprehensive code coverage. Maximize pipeline speed without compromising software integrity.

Thousands of tests are generated automatically every minute in order to identify vulnerabilities and guide rapid remediation. Mayhem automates the generation of test suites to produce actionable results. Mayhem uses dockerized images, so there is no need to recompile code. Self-learning ML continuously runs thousands of tests every second, probing for defects and crashes. Developers can then focus on features. Continuous testing is run in the background, highlighting new defects and increasing code coverage. Mayhem provides a copy/paste replication and backtrace of every defect. It then prioritizes these based on the risk. All results are duplicated, and sorted by urgency. Mayhem integrates with your existing build pipelines and development tools to provide developers with actionable results. No matter what tools or language your team uses.