8. 参考资料

8.1. 参考文献

  1. IEEE 2016 Black Box Lin Y D, Liao F Z, Huang S K, et al. Browser fuzzing by scheduled mutation and generation of document object models[C]// International Carnahan Conference on Security Technology. IEEE, 2016:1-6.

  2. IEEE 2012 White Box Huang S K, Huang M H, Huang P Y, et al. CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations[C]// IEEE Sixth International Conference on Software Security and Reliability. IEEE, 2012:78-87.

  3. Usenix 2014 Seed Generation Rebert A, Sang K C, Grieco G, et al. Optimizing seed selection for fuzzing[C]// Usenix Conference on Security Symposium. USENIX Association, 2014:861-875.

  4. ACM 2013 Black Box Woo M, Sang K C, Gottlieb S, et al. Scheduling black-box mutational fuzzing[C]// ACM Sigsac Conference on Computer & Communications Security. ACM, 2013:511-522.

  5. 钱文祥. 白帽子讲浏览器安全[M]. 电子工业出版社, 2016.

  6. ACM 2013 Paige M. The tangled web: a guide to securing modern web applications by Michal Zalewski[M]. ACM, 2013.

  7. IEEE 2013 Black Box Guo T, Zhang P, Wang X, et al. GramFuzz: Fuzzing testing of web browsers based on grammar analysis and structural mutation[C]// Second International Conference on Informatics and Applications. IEEE, 2013:212-215.

  8. ACM 2013 White Box Avgerinos T, Sang K C, Rebert A, et al. Automatic exploit generation[J]. Communications of the Acm, 2014, 57(2):74-84.

  9. IEEE 2010 Symbolic Execution Schwartz E J, Avgerinos T, Brumley D. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)[C]// Security and Privacy. IEEE, 2010:317-331.

  10. ACM 2013 Symbolic Execution Cadar C, Sen K. Symbolic execution for software testing: three decades later[J]. Communications of the Acm, 2013, 56(2):82-90.

  11. Fuzz PNG Miller C, Peterson Z N J. Analysis of mutation and generation-based fuzzing[J]. Independent Security Evaluators, Tech. Rep, 2007.

  12. IEEE 2005 Oehlert P. Violating Assumptions with Fuzzing[J]. IEEE Security & Privacy, 2005, 3(2):58-62.

  13. Usenix 2012 Holler C, Herzig K, Zeller A. Fuzzing with Code Fragments[J]. Proc Usenix Security, 2012:445–458.

  14. IEEE CCIS2012 Fuzz BMP Hou Y, Tao G, Shi Z, et al. Research on Android browser fuzzing based on bitmap structure[M]. 2013.

  15. ACM 2017 Guo R. MongoDB’s JavaScript Fuzzer[M]. ACM, 2017.

  16. Usenix 2018 Yun I, Lee S, Xu M, et al. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing[C]//27th USENIX Security Symposium (USENIX Security 18). USENIX Association, 2018.