This article presents a thorough mobile app penetration‑testing guide covering objectives, scope, testing methods, step‑by‑step workflow, recommended tools, reporting structure, and remediation advice to help developers and security professionals secure their applications.
Fuzz testing injects massive amounts of random or semi‑random inputs into applications to expose crashes, logic errors, and security flaws, and the article explains its principles, the types of defects it uncovers, real‑world practices at Google Chrome, and step‑by‑step Java integration using CI Fuzz and JUnit.
This article examines nine frequent errors developers make when writing Go unit tests—such as improper test classification, neglecting the race detector, ignoring parallel and shuffle flags, avoiding table‑driven tests, using sleep, mishandling time APIs, overlooking httptest/iotest, misusing benchmarks, and skipping fuzz testing—providing analysis and concrete code‑based solutions to improve test reliability and efficiency.
Fuzz testing, originating in the 1990s, employs random and malformed inputs to stress software, and this article explores its application to operating system kernels, detailing design of input generation, mutation strategies, execution monitoring, and iteration techniques across tools like AFL, Syzkaller, kAFL, and UnicornFuzz.
This article provides a detailed tutorial on Go's testing framework, covering test classifications such as unit, benchmark, example, and fuzz tests, explaining naming conventions, file organization, test execution commands, parallel testing, coverage measurement, and how to integrate these practices into robust backend development workflows.
This article introduces the Google‑maintained honggfuzz fuzzing engine, explains how to integrate it into the Android AOSP build, run multi‑threaded fuzzing on devices, and dives into the core source modules, coverage sharing mechanisms, and the extensive mutation strategies that power its effectiveness.
This article explains the fundamentals of fuzz testing, describes its core concepts and step‑by‑step process, compares mutation‑based and generation‑based test case generation algorithms, and details the popular open‑source AFL tool, its workflow, mutation strategies, and practical advantages.
This article introduces Go's native testing ecosystem—including unit testing, benchmark performance measurement, code‑coverage analysis, fuzz testing, and race‑condition detection—through a practical bookkeeping‑app example, demonstrating how each tool can uncover bugs, improve performance, and raise overall code quality.
The article reviews Go’s 13‑year journey, focusing on the major 2022 releases Go 1.18 and Go 1.19, and explains new features such as generics, fuzz testing, workspaces, documentation improvements, memory limits, VS Code extensions, security tools, and the team’s future roadmap.
Based on responses from 5,752 developers, the 2022 Q2 Go survey uncovers rapid adoption of generics, low awareness of built-in fuzz testing, major security concerns around third-party dependencies, challenges in error handling, and preferences for tooling and platforms, offering a comprehensive snapshot of the Go ecosystem.
Google’s Go 1.18 release introduces native fuzz testing, generics support, module workspaces, and up to 20% performance gains on ARM64 and Apple M1, enhancing security and productivity for developers while reinforcing Go’s pivotal role in cloud‑native projects like Kubernetes and Docker.
The Go 1.18 Beta 1 preview introduces generics support, built‑in fuzz testing, a new workspace mode for multiple modules, extended build‑info commands, and performance improvements for ARM64 and PPC64, while inviting early adopters to experiment with these features before the final release.
This article describes Alipay’s client‑side high‑availability strategy that combines offline risk mining, function‑interface “minesweeping”, RPC/config/jsapi checks, and automated fuzz testing on Android and iOS to detect and eliminate crash‑inducing bugs before release.
This guide walks you through the fundamentals of fuzz testing, demonstrating how to install, configure, and use popular tools like AFL and Honggfuzz on Ubuntu to detect buffer overflows, illegal memory accesses, and other security vulnerabilities in C programs, complete with code examples and result analysis.
This article explains the concept of FUZZ testing, describes its two main techniques, presents the design and core functions of a self‑developed FUZZ testing tool, showcases real‑world test results on SQL and HTTP interfaces, and outlines future enhancements for broader applicability.
This article explains why perfect security is unattainable, then details practical steps—secure configuration, regular penetration testing, and fuzz testing—to reduce a system's attack surface and improve overall resilience against modern threats.
The article examines the recurring bugs and reliability issues in Linux file systems—especially ext4—highlighting Linus Torvalds' criticism, POSIX shortcomings, fuzz‑testing results, historical bug statistics, and practical advice for developers to avoid data‑loss pitfalls.
This guide outlines a comprehensive security checklist covering form input validation, safe system call handling, buffer overflow prevention, strong password policies, session protection, mitigation of XSS, SQL injection, CSRF, Apache and MySQL hardening, PHP configuration, and fuzz testing techniques.
