Hi HN, I'd like to share with you a fuzzer I've been working on. It is a black-box, smart, generation-based fuzzer that fuzzes APIs based on an OpenAPI specification. It all started as a bachelor thesis[0], when I wanted to do something security-related and learn Rust along the way. My colleague @viralpoetry tutored me, and so far we've been able to find bugs in software such as k8s, gitea, and vault[1].

As for the choice of language, Rust proved to be a good decision, even though one would think that dynamic languages are better suited for fuzzing (at least that was the choice for the API fuzzers that I looked into). Thanks to Rust's type system, I was able to deserialize the OpenAPI specification to structs and traverse them when creating a fuzzing payload in a type-safe way. Other fuzzers load the specification into a dictionary/hashmap and then fail during the traversal because of some missing key they expected.

0: https://github.com/matusf/bachelor-thesis/releases/download/1.0.0/thesis.pdf

1: https://github.com/matusf/openapi-fuzzer#findings
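The design point in the post (model the spec as typed structures so that a missing key is reported once at load time, then generate payloads by walking the typed model) as an added example that is not code from openapi-fuzzer or its author. The project itself is in Rust; Python is used here only as a stand-in so the idea runs without third-party crates. The OpenAPI fragment, the `Schema`/`Operation` classes, `load_spec`, `generate` and `payloads` are all constructed for this illustration and are not the project's API.

```python
"""Typed OpenAPI model plus generation-based payloads (added example, not openapi-fuzzer code)."""
import json
import random
import string
from dataclasses import dataclass, field
from typing import Optional

# Constructed OpenAPI 3 fragment for this example only (not from any real service).
SPEC_JSON = """
{
  "openapi": "3.0.0",
  "paths": {
    "/users": {
      "post": {
        "requestBody": {"content": {"application/json": {"schema": {
          "type": "object",
          "required": ["name"],
          "properties": {
            "name": {"type": "string", "maxLength": 8},
            "age": {"type": "integer", "minimum": 0, "maximum": 150},
            "tags": {"type": "array", "items": {"type": "string"}}
          }}}}}
      }
    }
  }
}
"""
# Same fragment with the "type" key dropped from "age": a gap that an untyped
# dict walk would only hit mid-traversal, while the typed loader reports it up front.
BROKEN_SPEC_JSON = SPEC_JSON.replace('"type": "integer", ', '')


class SpecError(ValueError):
    """Raised while loading when the spec lacks something the generator needs."""


@dataclass
class Schema:
    type: str
    properties: dict = field(default_factory=dict)      # property name -> Schema
    required: list = field(default_factory=list)
    items: Optional["Schema"] = None                    # element schema for arrays
    minimum: int = 0                                    # defaults when the spec is silent
    maximum: int = 1000
    max_length: int = 32

    @classmethod
    def from_raw(cls, raw, path: str) -> "Schema":
        # Every key the generator relies on is checked here, with its location.
        if not isinstance(raw, dict) or "type" not in raw:
            raise SpecError(f"{path}: schema has no 'type'")
        props = {n: cls.from_raw(s, f"{path}.properties.{n}")
                 for n, s in raw.get("properties", {}).items()}
        items = None
        if raw["type"] == "array":
            if "items" not in raw:
                raise SpecError(f"{path}: array schema has no 'items'")
            items = cls.from_raw(raw["items"], f"{path}.items")
        return cls(type=raw["type"], properties=props, required=list(raw.get("required", [])),
                   items=items, minimum=raw.get("minimum", 0), maximum=raw.get("maximum", 1000),
                   max_length=raw.get("maxLength", 32))


@dataclass
class Operation:
    method: str
    path: str
    body: Optional[Schema]      # None for operations without a JSON request body


def load_spec(text: str) -> list:
    """Deserialize the whole spec into typed Operations; fails early on gaps."""
    doc = json.loads(text)
    ops = []
    for path, methods in doc.get("paths", {}).items():
        for method, op in methods.items():
            body = None
            content = op.get("requestBody", {}).get("content", {})
            if "application/json" in content:
                raw = content["application/json"].get("schema")
                if raw is None:
                    raise SpecError(f"{method.upper()} {path}: JSON body has no schema")
                body = Schema.from_raw(raw, f"{method.upper()} {path} body")
            ops.append(Operation(method.upper(), path, body))
    return ops


def load_error(text: str) -> Optional[str]:
    """Return the load-time error message for a spec, or None if it loads cleanly."""
    try:
        load_spec(text)
        return None
    except SpecError as exc:
        return str(exc)


def generate(schema: Schema, rng: random.Random):
    """Generation-based payload: values come from the schema's own constraints,
    with a bias toward boundary values (empty, min, max) where fuzzers find bugs."""
    if schema.type == "string":
        n = rng.choice([0, schema.max_length, rng.randint(0, schema.max_length)])
        alphabet = string.ascii_letters + string.digits + " /%'\"<>"
        return "".join(rng.choice(alphabet) for _ in range(n))
    if schema.type == "integer":
        return rng.choice([schema.minimum, schema.maximum,
                           rng.randint(schema.minimum, schema.maximum)])
    if schema.type == "boolean":
        return rng.random() < 0.5
    if schema.type == "array":
        return [generate(schema.items, rng) for _ in range(rng.randint(0, 3))]
    if schema.type == "object":
        # Required properties are always present; optional ones appear half the time.
        return {name: generate(prop, rng) for name, prop in schema.properties.items()
                if name in schema.required or rng.random() < 0.5}
    raise SpecError(f"unsupported schema type {schema.type!r}")


def payloads(spec_text: str, seed: int, count: int) -> list:
    """Produce `count` (method, path, body) tuples per body-bearing operation, reproducibly."""
    rng = random.Random(seed)
    ops = load_spec(spec_text)
    return [(op.method, op.path, generate(op.body, rng))
            for _ in range(count) for op in ops if op.body is not None]


if __name__ == "__main__":
    print("broken spec:", load_error(BROKEN_SPEC_JSON))
    for method, path, body in payloads(SPEC_JSON, seed=7, count=3):
        print(method, path, json.dumps(body))
```

The seed makes a run reproducible, which matters when a generated body triggers a crash and you want to replay the exact request against a patched build. The point of `Schema.from_raw` is that the one place that reads raw keys is the loader; once it returns, every traversal in `generate` works on fields that are guaranteed to exist, which is the property the post attributes to Rust's typed deserialization.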