Google’s OSS-Fuzz extends fuzzing to Java apps


Google’s open source fuzz-testing service, OSS-Fuzz, now supports applications written in Java and JVM-based languages. The capability was announced on March 10.

OSS-Fuzz provides continuous fuzzing for open source software. A technique for finding programming errors and security vulnerabilities in software, fuzzing involves sending a stream of semi-random and invalid input to a program. Fuzzing code written in memory-safe languages such as JVM languages can find bugs that cause programs to crash or behave incorrectly.

Google enabled fuzzing for Java and the JVM by integrating OSS-Fuzz with the Jazzer fuzzer from Code Intelligence. Jazzer enables users to fuzz code written in JVM-based languages via the LLVM project’s libFuzzer, an in-process, coverage-guided fuzzing engine, similar to how this has been done for C/C++ code. Languages supported by Jazzer include Java, Clojure, Kotlin, and Scala. Code coverage feedback is provided from JVM bytecode to libFuzzer, with Jazzer supporting libFuzzer features including:
