
Java Fuzzing with and Without AFL and the Java Security Manager - solarengineer
https://www.floyd.ch/?p=1090
======
solarengineer
The original title is “Java Bugs with and without Fuzzing – AFL-based Java
fuzzers and the Java Security Manager”.

The author discusses their use of JQF and Kelinci. They share their
observations, various findings, their realisations on what it would mean to
fuzz Java libraries and how to go about it.

The examples of how certain inputs caused code to enter infinite loops were
thought-provoking.

A scenario that I thought of: With today’s cloud availability, one might get
tempted to “let auto scaling take care of load”. The article got me thinking
of scenarios where carefully crafted data or inputs (images and PDFs that one
uploads) could cause image processors and applications to hang and thus
trigger a runaway auto scale up.

I recommend reading this article.

