by layer8 1961 days ago
I couldn’t find any information on what specific kinds of errors are recognized (except JNI memory handling), or how (mechanism) one specifies to the tool what constitutes an error. Can you shed some light on that, or give a pointer to relevant documentation?
2 comments

By default, uncaught exceptions and memory issues in JNI libraries are reported as "crashes".

Additionally, Jazzer provides a hooking framework that can be used to implement domain-specific sanitizers for logic bugs. See https://blog.code-intelligence.com/engineering-jazzer#user-c... for an example. Part of the reason for open-sourcing Jazzer has been to get the discussion started on what kind of "sanitizers" are needed to unlock the full potential of Java fuzzing.

Thanks!
If you want to fuzz a Java web app, our commercial platform CI Fuzz (of which Jazzer is one part) has built-in detectors for the typical vulnerabilities such as SQL injections: https://blog.code-intelligence.com/sql-fuzzing
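
The default mechanism described in the reply above (any uncaught exception is reported) means a fuzz target can define its own error by throwing when an invariant breaks. This is an added sketch, not code from the thread or from the Jazzer project; `UploadPathFuzzer`, `stripTraversal`, `staysInsideBase` and the `/srv/uploads` base directory are hypothetical, and it assumes the Jazzer API jar is on the classpath.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example: all class, method and path names are hypothetical.
public class UploadPathFuzzer {
  private static final Path BASE = Paths.get("/srv/uploads").normalize();

  // Code under test, constructed for this example. It removes "../" in a
  // single pass, so "....//" collapses back into "../" after the call.
  static String stripTraversal(String name) {
    return name.replace("../", "");
  }

  // The invariant to enforce: a resolved upload path never leaves BASE.
  static boolean staysInsideBase(String name) {
    Path resolved = BASE.resolve(stripTraversal(name)).normalize();
    return resolved.startsWith(BASE);
  }

  // Jazzer entry point. Any Throwable that escapes this method is reported
  // as a finding, so throwing is how the target says "this is an error".
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String name = data.consumeRemainingAsString();
    boolean inside;
    try {
      inside = staysInsideBase(name);
    } catch (InvalidPathException e) {
      // Input the platform rejects outright (for example a NUL character)
      // is expected behaviour; catch it so it is not reported as a crash.
      return;
    }
    if (!inside) {
      // Logic bug: no memory corruption, but the security property is broken.
      throw new FuzzerSecurityIssueHigh(
          "upload path escapes base directory for input: " + name);
    }
  }
}
```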