DETECTING SECURITY VULNERABILITIES WITH FUZZ TESTING

  • Aleksandar Nikolić Fakultet tehničkih nauka, Univerzitet u Novom Sadu
  • Goran Sladić Fakultet tehničkih nauka, Univerzitet u Novom Sadu
  • Branko Milosavljević Fakultet tehničkih nauka, Univerzitet u Novom Sadu
  • Zora Konjović Fakultet tehničkih nauka, Univerzitet u Novom Sadu
Keywords: Fuzzing, software security, software vulnerabilities

Abstract

Fuzz testing is a very effective technique for software vulnerability detection. It consists of supplying the target application with invalid, unexpected or semi-random inputs that may trigger unexpected behavior. In-memory fuzzing focuses on modifying data already present in the process memory in order to achieve fuzz testing. This approach requires no prior knowledge of the application and is best suited for testing closed-source or obfuscated applications. The major drawback of this approach is a relatively high false positive rate. We propose a system for in-memory fuzz testing that utilizes offline process tracing and data taint analysis to reduce the number of false positive results and improve test case analysis.
Published: 2019-01-15
Section: Articles