appsec.guide
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-16.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-16 | Fuzzing \| Testing Handbook - AppSec Guide (Fuzzing) | Handbook chapter detailing fuzzing as an essential dynamic testing method for uncovering security issues and bugs. It covers starting fuzzing projects quickly, delving into advanced techniques, and selecting appropriate fuzzers. The handbook explains how to write fuzzing harnesses, interpret their outputs, and apply them to real-world C/C++ projects, discussing both blackbox and feedback-driven graybox fuzzing approaches. It also explores mutation-based evolutionary fuzzing, the de facto algorithm, and defines key terminology such as SUT, fuzzer, harness, and corpus. |
| 2026-04-16 | Burp Suite Professional Testing Handbook (Burp) | Handbook for Burp Suite Professional, an HTTP interception proxy with features for web application security testing. It aids in identifying server-side and client-side vulnerabilities by intercepting and manipulating requests/responses, fuzzing payloads with Intruder, and analyzing traffic with Proxy and Scanner. The handbook also mentions Burp's DOM Invader extension and Trail of Bits webinars on mastering web research with Burp Suite. |
| 2026-04-11 | cargo-fuzz - Testing Handbook (Fuzzing) | Handbook chapter on cargo-fuzz, a tool for fuzzing Rust projects using Cargo, detailing its setup and usage. cargo-fuzz leverages libFuzzer and can automatically enable sanitizers like AddressSanitizer, which is useful for detecting memory errors in unsafe Rust code. The guide covers writing fuzz tests, initializing projects with `cargo fuzz init`, running fuzz targets with `cargo +nightly fuzz run`, and re-executing specific test cases. It also explores fuzzer options, including disabling sanitizers for performance boosts when not using unsafe Rust, and provides a real-world example fuzzing the `ogg` crate. |
| 2026-04-11 | LibAFL - Testing Handbook (Fuzzing) | Library for building custom fuzzers, LibAFL offers modular functionality beyond traditional AFL-based fuzzers and libFuzzer. It supports a libFuzzer drop-in replacement for easier integration and also serves as a core Rust library for creating highly customizable fuzzing solutions. Setup involves installing Clang and Rust, and configuring environment variables for specific LLVM versions. LibAFL enhances fuzzing performance with features like `SimpleRestartingEventManager` and `LlmpRestartingEventManager` for effective crash detection and multi-processing. |
| 2026-04-11 | Writing Harnesses - Testing Handbook (Fuzzing) | Handbook on writing fuzzing harnesses, detailing techniques beyond simple byte arrays. It demonstrates how to derive complex inputs like integers and strings from raw data, using tools such as `FuzzedDataProvider` to handle variable-length consumption and parsing. The handbook also explores interleaved fuzzing, where the initial input byte steers execution through multiple related APIs, and discusses structured fuzzing concepts for improved efficiency, including integrating with formats like protobufs. Examples cover potential vulnerabilities like division by zero and buffer overflows when manipulating input data. |
| 2026-04-11 | AFL++ - Testing Handbook (Fuzzing) | Handbook chapter detailing the installation and usage of AFL++, a fork of the AFL fuzzer offering enhanced performance and features for C/C++ binaries. It covers multi-core fuzzing, recommended Ubuntu and Docker environments, and compilation modes like LTO, LLVM, and GCC. The guide emphasizes system configuration scripts such as `afl-system-config` and `afl-persistent-config` for optimizing fuzzing performance, while warning against their use on production systems. It also demonstrates compilation commands using wrappers like `afl-clang-lto++` and `afl-clang-fast++`. |