RadicalZephyr
commented
6 years ago Cargo fuzz and related tools is probably the way to go. However, it remains to be seen what code paths would be useful to fuzz against.
Open RadicalZephyr opened 7 years ago
RadicalZephyr
commented
6 years ago Cargo fuzz and related tools is probably the way to go. However, it remains to be seen what code paths would be useful to fuzz against.
Probably using the american fuzzy lop. This tool has an impressive track record of finding bugs and security vulnerabilities, and it should work fine with a Rust-produced binary (I think...).
This kind of fuzz testing is certainly going to need to be done in a VM, or chroot or docker container or something.