wolfSSL is glad to announce that it is incorporating American Fuzzy Lop (AFL) into its testing suite.
Improving security is the at the heart of what wolfSSL is about. That is why wolfSSL has decided to include the AFL fuzzer to its list of tools. Finding bugs first locally allows our teams to make improvements to our libraries helping to eliminate vulnerabilities before they are released in our stable product releases.
Why choose AFL?
AFL is fast and efficient and here at wolfSSL we preach the importance of speed and efficiency. There is also an impressive “trophy case” of bugs found on the AFL home page here. Among the programs listed in the trophy case are several SSL/TLS libraries proving that this fuzzer works for encrypted communications. Finally, AFL is open source like wolfSSL allowing the freedom to look under the hood.
Where we Stand now and our Plans for the Future.
Currently we have 26 individual API tests that cover some of the most common function calls in the wolfSSL library. These tests will be ran daily and if anything of interest is found our teams will be notified right away. We plan to increase the number of tests run as our team determines which API stands to benefit from fuzz testing the most. Our teams are excited to see what AFL can find in the upcoming months as they work alongside it to bring you one of the best TLS/SSL libraries available.