A Bird’s Eye View of Knowledge Needs Related to Penetration Testing

Akond Rahman and Laurie Williams. In: 6th Annual Hot Topics in the Science of Security (HoTSoS) Symposium, 2019 (pre-print)

A review of the existing literature on software fuzzing can help identify topics and inform researchers about which techniques can be investigated and applied to identify vulnerabilities in unexplored domains such as scientific software. We conduct a scoping review of 48 publications published in well-known academic venues such as ICSE and CCS. We derive five techniques, namely feature mining, symbolic execution, search-based algorithms, formal methods, and taint analysis. We observe feature mining to be the most frequent technique. Our taxonomy might be helpful to researchers in two ways: (i) researchers can use our taxonomy to assess which techniques can be used to identify undiscovered software vulnerabilities in under-explored domains such as scientific software, and (ii) researchers can build on it to derive a taxonomy that is comprehensive.