News
Final GradesWritten on 09.03.22 (last change on 10.03.22) by Leon Bettscheider Dear students, We have uploaded the final grades. Please find them on your Personal Status page. Statistics are available at https://cms.cispa.saarland/fuzzing2122/gradescales/view/1. Congratulations on your achievement! Best regards, |
Project 2 ResultsWritten on 07.03.22 by Leon Bettscheider Dear students, we have uploaded the results for project 2. All participants who achieved at least 47% of the total points have passed the project. Congratulations! |
Course evaluation results availableWritten on 23.02.22 by Andreas Zeller Dear all, The results of your course evaluation are now available. Thank you for participating! Let me use this occasion to thank our great exercise and project organizers, Marius and Leon. You rock! Keep up the good work, Andreas Zeller |
Exercise 13 SolutionWritten on 14.02.22 by Leon Bettscheider Dear Students, We have uploaded a sample solution for Exercise 13, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Today: Guest lecture by Marcel BöhmeWritten on 08.02.22 by Andreas Zeller Dear all, Today, we're talking about "When to stop fuzzing" (an adequate title for the last lecture in the course), and we have our guest speaker Marcel Böhme, a young superstar in fuzzing research, showing us how to find out the limits (and strengths) of fuzzing. Looking forward to see you… Read more Dear all, Today, we're talking about "When to stop fuzzing" (an adequate title for the last lecture in the course), and we have our guest speaker Marcel Böhme, a young superstar in fuzzing research, showing us how to find out the limits (and strengths) of fuzzing. Looking forward to see you soon, Andreas |
Exercise 12 SolutionWritten on 07.02.22 by Marius Smytzek Dear Students, We have uploaded a sample solution for Exercise 12, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 13Written on 01.02.22 by Leon Bettscheider Dear Students, We have published Exercise 13. You can find it under Information > Material. Please read the chapter on Reducing Failure-Inducing Inputs for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to… Read more Dear Students, We have published Exercise 13. You can find it under Information > Material. Please read the chapter on Reducing Failure-Inducing Inputs for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 13. February 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Course evaluationWritten on 01.02.22 by Andreas Zeller Dear all, We are constantly striving to provide great courses. But for this, we need your feedback: What did you like? Where can we still improve? So, after today's lecture, please take a moment to fill out this form: https://qualis.uni-saarland.de/eva/?l=133523&p=ity7hg Evaluation is… Read more Dear all, We are constantly striving to provide great courses. But for this, we need your feedback: What did you like? Where can we still improve? So, after today's lecture, please take a moment to fill out this form: https://qualis.uni-saarland.de/eva/?l=133523&p=ity7hg Evaluation is open until Thursday February 3, so don't delay! Looking forward to hear from you, Andreas + Marius + Leon |
Exercise 11 SolutionWritten on 31.01.22 by Leon Bettscheider Dear Students, We have uploaded a sample solution for Exercise 11, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 12Written on 26.01.22 by Marius Smytzek Dear Students, We have published Exercise 12. You can find it under Information > Material. Please read the chapters on API Fuzzing and Testing Configurations for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to… Read more Dear Students, We have published Exercise 12. You can find it under Information > Material. Please read the chapters on API Fuzzing and Testing Configurations for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 6. February 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Exercise 10 SolutionWritten on 26.01.22 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 10, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 9 SolutionWritten on 26.01.22 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 9, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 11Written on 21.01.22 by Leon Bettscheider Dear Students, We have published Exercise 11. You can find it under Information > Material. Please read the chapters on API Fuzzing and Testing Configurations for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to… Read more Dear Students, We have published Exercise 11. You can find it under Information > Material. Please read the chapters on API Fuzzing and Testing Configurations for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 30. January 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Project 2Written on 19.01.22 by Leon Bettscheider Dear Students, We have published project 2. You can find it under Information > Material. The Zip file contains the files for this project. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have… Read more Dear Students, We have published project 2. You can find it under Information > Material. The Zip file contains the files for this project. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 27. February 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. You may work on the project and submit your solution in groups of at most 2 students. Please make a decision regarding your group preference until 30. January 23:59 on your Personal Status page. |
Exercise 10Written on 11.01.22 by Marius Smytzek Dear Students, We have published Exercise 10. You can find it under Information > Material. Please read the chapter on Symbolic Fuzzing for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to… Read more Dear Students, We have published Exercise 10. You can find it under Information > Material. Please read the chapter on Symbolic Fuzzing for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 23. January 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Results for Project 1Written on 10.01.22 (last change on 10.01.22) by Marius Smytzek Dear Students, We have published the results for project 1. You can find your results and your passing status on your Personal Status page. We have decided to provide only the points because we could lose information for your final grade when grading the project which could result in a worse… Read more Dear Students, We have published the results for project 1. You can find your results and your passing status on your Personal Status page. We have decided to provide only the points because we could lose information for your final grade when grading the project which could result in a worse result for you. You passed the project with 50 Points. Your fuzzer was evaluated with respect to the coverage on miniircd, its capability to find seeded bugs in miniircd, and how well the fuzzer generalized to two other IRC server implementations measured in the coverage it achieves. For the grading, we have adjusted the weights for each part as follows:
Besides, we have dropped the criterium that you need to achieve 50% in each part. |
Exercise 8 SolutionWritten on 10.01.22 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 8, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 9Written on 05.01.22 by Marius Smytzek Dear Students, We have published Exercise 9. You can find it under Information > Material. Please read the chapters on Tracking Information Flow and Concolic Fuzzing for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try… Read more Dear Students, We have published Exercise 9. You can find it under Information > Material. Please read the chapters on Tracking Information Flow and Concolic Fuzzing for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 16. January 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Exercise 7 SolutionWritten on 20.12.21 by Leon Bettscheider Dear Students, We have uploaded an example solution for exercise 7, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Project 1 Trial Evaluation ResultsWritten on 16.12.21 by Leon Bettscheider Dear students, If you submitted your Project 1 for trial evaluation, you can now find the median (across 5 runs) statement coverage percentage that your fuzzer achieved on miniircd on your Personal Status page. Note that a percentage of at least 70% coverage indicates that your fuzzer meets the… Read more Dear students, If you submitted your Project 1 for trial evaluation, you can now find the median (across 5 runs) statement coverage percentage that your fuzzer achieved on miniircd on your Personal Status page. Note that a percentage of at least 70% coverage indicates that your fuzzer meets the minimum passing criterium. |
Exercise 8Written on 16.12.21 by Marius Smytzek Dear Students, We have published Exercise 8. You can find it under Information > Material. Please read the chapter on Greybox Fuzzing with Grammars for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask… Read more Dear Students, We have published Exercise 8. You can find it under Information > Material. Please read the chapter on Greybox Fuzzing with Grammars for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 9. January 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Lecture RegistrationWritten on 13.12.21 by Marius Smytzek Dear Students, We noticed a significant deviation between registered students and submissions for the last exercise sheet. Please make sure you are registered in the LSF or at your examination office. If you are not registered, you should register or write your examination office immediately. |
Exercise 6 SolutionWritten on 13.12.21 by Leon Bettscheider Dear Students, We have uploaded an example solution for exercise 6, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 7Written on 08.12.21 by Leon Bettscheider Dear Students, We have published Exercise 7. You can find it under Information > Material. Please read the chapter on Mutation-based Fuzzing and Greybox Fuzzing for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to… Read more Dear Students, We have published Exercise 7. You can find it under Information > Material. Please read the chapter on Mutation-based Fuzzing and Greybox Fuzzing for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 19. December 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Exercise 5 SolutionWritten on 08.12.21 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 5, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Project 1 Trial Evaluation RunWritten on 08.12.21 by Leon Bettscheider Dear Students,
Dear Students,
|
Exercise 4 SolutionWritten on 30.11.21 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 4, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 6Written on 30.11.21 by Leon Bettscheider Dear Students, We have published exercise 6. You can find it under Information > Material. Please read the chapter on Grammar Mining for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit… Read more Dear Students, We have published exercise 6. You can find it under Information > Material. Please read the chapter on Grammar Mining for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 12. December 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Tomorrow: Lecture registration deadlineWritten on 29.11.21 by Leon Bettscheider Dear students,
note that the registration period for this course ends tomorrow. Please make sure to sign up for the lecture by tomorrow at LSF or, if your course of studies is not currently supported by LSF, by contacting your examination office, and sending the completed registration PDF… Read more Dear students,
note that the registration period for this course ends tomorrow. Please make sure to sign up for the lecture by tomorrow at LSF or, if your course of studies is not currently supported by LSF, by contacting your examination office, and sending the completed registration PDF to leon.bettscheider@cispa.de or marius.smytzek@cispa.de with subject line [Security Testing Registration].
|
Exercise 3 SolutionWritten on 25.11.21 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 3, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 5Written on 24.11.21 by Leon Bettscheider Dear Students, We have published exercise 5. You can find it under Information > Material. Please read the chapter on Code Coverage for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit… Read more Dear Students, We have published exercise 5. You can find it under Information > Material. Please read the chapter on Code Coverage for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 5. December 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Lecture going online-only starting tomorrowWritten on 22.11.21 by Andreas Zeller Dear all, In light of new COVID-related regulations regarding access to CISPA and the general call for reducing physical contacts, our next lectures will be online-only via Zoom. You can join the lecture every Tuesday at 16:15 using the "Zoom" link in the "Information" menu at top of the course… Read more Dear all, In light of new COVID-related regulations regarding access to CISPA and the general call for reducing physical contacts, our next lectures will be online-only via Zoom. You can join the lecture every Tuesday at 16:15 using the "Zoom" link in the "Information" menu at top of the course CMS site. Presentations during the lecture will be recorded (and included into the book). We hope to return to physical lectures as the COVID situation improves. You can do your part by
and encouraging others to do so, too. Stay safe, stay healthy, and see you on Tuesday. Andreas Zeller
|
Project 1 Windows SupportWritten on 17.11.21 by Marius Smytzek Dear Students, |
Exercise 4Written on 16.11.21 (last change on 16.11.21) by Marius Smytzek Dear Students, We have published exercise 4. You can find it under Information > Material. Please read the chapters Probabilistic Grammar Fuzzing and Fuzzing with Generators for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you… Read more Dear Students, We have published exercise 4. You can find it under Information > Material. Please read the chapters Probabilistic Grammar Fuzzing and Fuzzing with Generators for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 28. November 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Project 1Written on 16.11.21 by Leon Bettscheider Dear Students, We have published project 1. You can find it under Information > Material. The Zip file contains the required files for this project. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page.… Read more Dear Students, We have published project 1. You can find it under Information > Material. The Zip file contains the required files for this project. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 02. January 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Submission Validation ScriptWritten on 16.11.21 by Marius Smytzek Dear Students, $ python3 Submission_Validation_Script.py… Read more Dear Students, $ python3 Submission_Validation_Script.py <path_to_you_submission_as_a_zip_file> |
Exercise 2 SolutionWritten on 15.11.21 by Leon Bettscheider Dear Students, We have uploaded an example solution for exercise 2, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Exercise 3Written on 09.11.21 by Marius Smytzek Dear Students, We have published exercise 3. You can find it under Information > Material. Please read the chapters Efficient Grammar Fuzzing and Grammar Coverage for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to… Read more Dear Students, We have published exercise 3. You can find it under Information > Material. Please read the chapters Efficient Grammar Fuzzing and Grammar Coverage for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 21. November 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Exercise 1 SolutionWritten on 09.11.21 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 1, you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page. |
Fuzzingbook 1.0 out of betaWritten on 04.11.21 by Andreas Zeller Hi everyone, We just moved the latest version of The Fuzzing Book out of beta. So, from now on, to read the book, you can directly go to We will continuously update chapters with videos, quizzes, and more before giving them out as reading assignments. To install the… Read more Hi everyone, We just moved the latest version of The Fuzzing Book out of beta. So, from now on, to read the book, you can directly go to We will continuously update chapters with videos, quizzes, and more before giving them out as reading assignments. To install the code package, you can now simply use pip install fuzzingbook to obtain version 1.0 (with support for and requiring Python 3.9). This is the same code as already contained in the previous 1.0rc2 package, so if you already installed that one, there's nothing you need to do. Still, please let us know if you encounter any problems. Keep up the good work -- your friendly course instructors |
Exercise 0 SolutionWritten on 04.11.21 by Marius Smytzek Dear Students, We have uploaded an example solution for exercise 0, you can find it in the category Solutions under Information > Material. Besides, you can find your points for this exercise on your Personal Status page. |
Exercise 2Written on 03.11.21 by Leon Bettscheider Dear Students, We have published exercise 2. You can find it under Information > Material. Please read the chapter Fuzzing with Grammars for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to… Read more Dear Students, We have published exercise 2. You can find it under Information > Material. Please read the chapter Fuzzing with Grammars for this exercise. The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 14. November 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Exercise 1Written on 26.10.21 by Marius Smytzek Dear Students, We have published exercise 1. You can find it under Information > Material. Please read the chapter Fuzzing: Breaking Things with Random Inputs for this exercise. The Zip file compresses the required files for this exercise. The sheet.pdf contains the tasks you should try to… Read more Dear Students, We have published exercise 1. You can find it under Information > Material. Please read the chapter Fuzzing: Breaking Things with Random Inputs for this exercise. The Zip file compresses the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 7. November 24:00 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Exercise 0 CorrectionWritten on 20.10.21 by Marius Smytzek Dear Students, There was a mistake in exercise 0-3b. The code for this exercise should be: import random if __name__ == '__main__': Dear Students, There was a mistake in exercise 0-3b. The code for this exercise should be: import random if __name__ == '__main__': The new uploaded revision of the exercise fixes this problem. |
Exercise 0Written on 19.10.21 by Marius Smytzek Dear Students, We have published the first exercise (0). You can find it under Information > Material in the category exercises. The Zip file compresses the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the… Read more Dear Students, We have published the first exercise (0). You can find it under Information > Material in the category exercises. The Zip file compresses the required files for this exercise. The sheet.pdf contains the tasks you should try to solve. We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 31. October 24:00 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions. |
Today's announcements and more videosWritten on 19.10.21 by Andreas Zeller Dear all, Thanks for attending today's lecture! This was our first hybrid lecture, and given all the things that could have gone wrong, we feel it went rather well :-) For those of you who could not attend, we have recorded the part with all the important announcements and questions: Dear all, Thanks for attending today's lecture! This was our first hybrid lecture, and given all the things that could have gone wrong, we feel it went rather well :-) For those of you who could not attend, we have recorded the part with all the important announcements and questions: We also have started adding videos to the chapters assigned to you for reading (this week: Introduction to Testing). As of now, you will find all chapters with videos on which is the site we use for testing before things get moved to the "official" site at www.fuzzingbook.org. In a week from now, our tests for fuzzingbook 1.0 will be complete and from then on, both sites should be synchronized. Our first exercise sheet will go out by tomorrow, letting you get acquainted with Python and Jupyter. Enjoy the read! Andreas
|
Important information regarding face-to-face lectures and coursesWritten on 18.10.21 by Andreas Zeller Dear students, welcome back on campus. Lectures and courses can be held again in presence. But whoever participates in such an event at the university must provide the 3G verification, which means either complete vaccination, recovery or a negative test (twice a week). Therefore, we ask you to read… Read more Dear students, welcome back on campus. Lectures and courses can be held again in presence. But whoever participates in such an event at the university must provide the 3G verification, which means either complete vaccination, recovery or a negative test (twice a week). Therefore, we ask you to read the following information carefully, because an official control can be expected at any time. The 3G verification is done by using and truthfully stating it in the Staysio-App . If you are unable to enroll yourself via smartphone, use this web form: [https://www.uni-saarland.de/fileadmin/upload/page/coronavirus/Alternativformular-Staysio.pdf] It can be filled out and printed online beforehand and must be submitted to the instructor(s) prior to the event. It will then be kept for four weeks in accordance with our data protection declaration and then destroyed. If you have a smartphone but cannot download the app If you are unable to download the Staysio App, in particular due to a foreign account in the Playstore or Appstore, you can also use this web application: https://www.staysio.de/#/visitor 1. Scan the posted QR code with a QR reader app that you have installed on your cell phone With modern devices, this function is often integrated directly into the camera. Open the linked website that is displayed to you 2. In the opened page you are asked if you want to install the app or continue to the web registration. If you choose the web registration, you will be redirected to the registration form. 3. Create your contact details and those of your accompanying person(s) once. The created contacts will be saved on your smartphone for future visits 4. If all persons are registered, you can register all of them with the corresponding button. The logout is automatically performed overnight. Please constantly check the official information on the website of Saarland University All the best, The CS Department |
Welcome to Security Testing!Written on 18.10.21 (last change on 19.10.21) by Andreas Zeller Welcome to the "Security Testing" course! We very much look forward meeting you every Tuesday at 16:15 – either
Welcome to the "Security Testing" course! We very much look forward meeting you every Tuesday at 16:15 – either
In this first meeting (and we hope that many of you will join us in person!), we are going to introduce you to the organization of the course, and happily take and address all your questions. Note that the discussion meetings will not be recorded. Here are some first steps for you to get started for the course:
If you need help, we offer a Mattermost channel where you can find chat rooms for all sorts of questions regarding the course, exercises, and projects.
And of course, there always is the course page with all news and links:
Looking forward to work with you, and see you soon! Andreas + Leon + Marius |
Security Testing
Software has bugs, and catching bugs can involve lots of effort. This course addresses this problem by automating software testing, specifically by generating tests automatically. Recent years have seen the development of novel techniques that lead to dramatic improvements in test generation and software testing. In this course, we explore these techniques – in theory and in code.
Course Organization
Every week, you will be provided with Jupyter Notebooks that teach a particular topic and illustrate it using plenty of runnable Python code. These notebooks come from The Fuzzing Book, a textbook on how to generate software tests written by yours truly.
In the notebook, you can edit the code as you like, run your own experiments, and re-use and extend the code to your liking. Your task will be to use these techniques (and their code) to build a series of fuzzers (i.e. test generators) that find bugs in a number of challenging settings.
Meetings
This course uses the "inverted classroom" principle – you learn at home, and discuss issues with your instructor. In our weekly meeting, we use the gathering in the lecture hall to
- discuss the assignment of last week
- discuss the assignment of next week
- discuss ongoing projects as well as general questions.
These meetings come with live coding, so we can explore ideas right on the go.
Projects
During this course, you apply the techniques learned in weekly exercises and two projects which form your coursework. Projects are graded for effectiveness, efficiency, elegance, and creativity. Projects offer special challenges which allow you to gain bonus points.
Exercises
Every week, you get a simple exercise assignment covering the material of the last lecture. Performance in these exercises will make 33% of the final grade. Note that there is no final exam.
Requirements
Advanced programming skills (such as obtained after two years of successfully studying CS) are required. Knowledge in Python is useful, but can easily be acquired along the course.
Passing Criteria and Grading
To pass this course, you need to have
- at least 50% of the points in each of the projects, and
- at least 50% of the total exercise points.
Lecture Plan
The course is organized as "inverted classroom": Every week, we discuss a chapter of the book, which will be supplied with an introduction video; we meet once a week to discuss the material, the associated exercises, and the ongoing projects.
The sequence of chapters is different from the book; in order to synchronize with the projects, we first discuss black-box techniques, then white-box techniques, and then domain-specific approaches.
2021-10-19: Introduction to the course; Introduction to Software Testing
2021-10-26: Introduction to Fuzzing
2021-11-02: Fuzzing with Grammars
2021-11-09: Efficient Grammar Fuzzing • Grammar Coverage
2021-11-16: Probabilistic Grammar Fuzzing (makes use of Parsing Inputs) • Fuzzing with Generators
2021-11-23: Code Coverage
2021-11-30: Mining Input Grammars (guest lecture)
2021-12-07: Mutation-Based Fuzzing • Greybox Fuzzing
2021-12-14: Greybox Fuzzing With Grammars
2021-01-04: Tracking Information Flow • Concolic Fuzzing
2021-01-11: Symbolic Fuzzing
2021-01-18: Fuzzing APIs • Fuzzing Configurations
2021-01-25: Testing Web Applications • Testing Graphical User Interfaces
2021-02-01: Reducing Failure-Inducing Inputs
2021-02-08: When to Stop Fuzzing (guest lecture) • Current Trends in Fuzzing Research
The lecture plan may be subject to changes; these will be announced in time.
Date, Time, Location
- 15 lectures
- 6 Credit Points
- Tutorial and discussion every Tuesday 16:15–17:45 via Zoom (see "Information → Zoom" in the menu above for the link)
- Start: Tuesday October 19