SAST-Guided Greybox Fuzzing

Fuzzing is a widely used automated testing technique that has helped to detect numerous software bugs in recent years. However, since most available fuzzers are coverage-based and therefore treat every code region as equally important, they often waste valuable fuzzing resources on code that is not (or only marginally) problematic, which limits their bug-finding effectiveness and efficiency. In this talk, I will introduce SASTFuzz, our new greybox fuzzer that leverages static application security testing (SAST) findings to direct the fuzzing process towards problematic code while accounting for the well-known SAST problem of false positives and false negatives. In addition, I will present preliminary evaluation results showing how SASTFuzz compares to other widely used fuzzers in detecting new software bugs in real-world software systems.
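To make the idea concrete, the following is an added illustration of SAST-guided seed scheduling; it is not SASTFuzz's code or design (the abstract does not detail them). Every seed keeps a base energy so code the SAST tool missed (false negatives) still gets fuzzed, and reaching a flagged location adds a boost scaled by the tool's confidence so doubtful findings (false positives) pull less. The `Finding`/`Seed` types, the energy formula and the sample report are all assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    location: str      # "file:line" reported by the SAST tool (constructed format)
    confidence: float  # tool's confidence in [0, 1]; tempers false positives


@dataclass
class Seed:
    name: str
    covered: set[str] = field(default_factory=set)  # "file:line" locations executed


def seed_energy(seed: Seed, findings: list[Finding],
                base: float = 1.0, boost: float = 4.0) -> float:
    """Fuzzing energy (budget share) of a seed.

    `base` keeps every seed schedulable, so regions without any SAST
    finding are still explored (guards against SAST false negatives).
    `boost` rewards seeds whose execution reaches a flagged location,
    scaled by the finding's confidence (guards against false positives).
    """
    reached = [f for f in findings if f.location in seed.covered]
    return base + boost * sum(f.confidence for f in reached)


def schedule(seeds: list[Seed], findings: list[Finding], budget: int) -> dict[str, int]:
    """Split `budget` fuzzing iterations across seeds proportionally to energy."""
    energies = {s.name: seed_energy(s, findings) for s in seeds}
    total = sum(energies.values())
    return {name: round(budget * e / total) for name, e in energies.items()}


# Constructed sample SAST report and seed corpus (not real findings).
FINDINGS = [Finding("parse.c:42", 0.9), Finding("util.c:7", 0.3)]
SEEDS = [
    Seed("hits_parse", {"main.c:10", "parse.c:42"}),  # reaches a high-confidence finding
    Seed("hits_util", {"main.c:10", "util.c:7"}),     # reaches a low-confidence finding
    Seed("plain", {"main.c:10"}),                     # reaches no finding, still gets base
]

if __name__ == "__main__":
    print(schedule(SEEDS, FINDINGS, budget=780))
```

With the sample report, the seed that reaches the high-confidence finding receives the largest share, while the unflagged seed still keeps a non-zero share of the budget.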

Since October 2019, I (Stephan Lipp) have been a research associate at the Chair of Software & Systems Engineering (Technical University of Munich) under the supervision of Prof. Alexander Pretschner. My research focuses on test adequacy criteria for evaluating and improving the effectiveness and efficiency of fuzzing. Before joining the chair, I held several working student positions as a software developer. Also, I worked as a student assistant in the area of Formal Methods at the University of Augsburg, where I completed my master’s degree.