thuanpv.bsky.social
@thuanpv.bsky.social
Senior Lecturer in Cyber Security at @UniMelb & ARC DECRA Fellow. Prev @MonashInfotech & @NUSComputing. (Fuzz) Testing enthusiast.
I think Atropos is built on the key ideas from Redqueen & kAFL/Nyx, in which the "spec" is quite different from the OpenAPI spec. Moreover, the way that TrailBlazer supports generation- & mutation-based fuzzing is quite different too. Hopefully, they, along with other tools, give developers more options.
April 20, 2025 at 12:19 AM
TrailBlazer infers an OpenAPI spec and leverages the spec together with the captured traffic, which is *attached* to the inferred spec, to do both generation- & mutation-based fuzzing. Moreover, the current version of TrailBlazer is black-box, so it is not language-dependent. Feedback-guided is our next step.
April 18, 2025 at 2:28 AM