SoFi: Reflection-Augmented Fuzzing for JavaScript Engines
Xiaoyu He, Xiaofei Xie, Yuekang Li, Jianwen Sun, Feng Li, Wei Zou, Yang Liu, Lei Yu, Jianhua Zhou, Wenchang Shi, Wei Huo
Abstract
JavaScript engines have been shown prone to security vulnerabilities, which can lead to serious consequences due to their popularity. Fuzzing is an effective testing technique to discover vulnerabilities. The main challenge of fuzzing JavaScript engines is to generate syntactically and semantically valid inputs such that deep functionalities can be explored. However, due to the dynamic nature of JavaScript and the special features of different engines, it is quite challenging to generate semantically meaningful test inputs.
Topics & Concepts
Fuzz testingJavaScriptComputer scienceUnobtrusive JavaScriptPopularitySoftware testingReflection (computer programming)Programming languageComputer securityWorld Wide WebRich Internet applicationSoftwarePsychologySocial psychologySoftware Testing and Debugging TechniquesSoftware Reliability and Analysis ResearchWeb Application Security Vulnerabilities