Comprehensive testing is of critical importance to ensure the reliability of software systems, especially for mission-critical systems such as FinTech systems. We share in this paper our observations of Ant Group’s status quo in testing their financial services. Specifically, the important influences over system execution path from both external environment settings and input object properties during automated fuzzing test process. To support these observations, we propose FinFuzzer, an automated fuzzing test framework that detects and transfers the corresponding environmental settings into system inputs, prioritizes the input object properties, and mutates system inputs on both environment settings and important object properties. We apply FinFuzzer to 4 projects developed in Ant Group, and the results show that our approach can surpass the state-of-art techniques in terms of test coverage in a much shorter time.
Tue 16 NovDisplayed time zone: Hobart change
21:00 - 22:00
|CorbFuzz: Checking Browser Security Policies with Fuzzing|
Chaofan Shou University of California, Santa Barbara, Ismet Burak Kadron University of California at Santa Barbara, Qi Su University of California Santa Barbara, Tevfik Bultan University of California, Santa BarbaraPre-print
|SMARTIAN : Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses|
|FinFuzzer: One Step Further in Fuzzing Fintech Systems|
|Scalable Fuzzing of Program Binaries with E9AFL|