Zonglin Li^1,#, Xu Zhao^2,#, Yan Cao^2,*, Yazhe Li³, Yihong Zhang¹

CMC-Computers, Materials & Continua, Vol.86, No.3, 2026, DOI:10.32604/cmc.2025.071511 - 12 January 2026

Abstract With the rapid development of Internet technology, REST APIs (Representational State Transfer Application Programming Interfaces) have become the primary communication standard in modern microservice architectures, raising increasing concerns about their security. Existing fuzz testing methods include random or dictionary-based input generation, which often fail to ensure both syntactic and semantic correctness, and OpenAPI-based approaches, which offer better accuracy but typically lack detailed descriptions of endpoints, parameters, or data formats. To address these issues, this paper proposes the APIDocX fuzz testing framework. It introduces a crawler tailored for dynamic web pages that automatically simulates user interactions More >

Yixin Ding¹, Xinjian Zhao¹, Zicheng Wu¹, Yichen Zhu², Longkun Bai², Hao Han^2,*

CMC-Computers, Materials & Continua, Vol.84, No.3, pp. 5977-5993, 2025, DOI:10.32604/cmc.2025.065672 - 30 July 2025

Abstract Fuzz testing is a widely adopted technique for uncovering bugs and security vulnerabilities in embedded firmware. However, many embedded systems heavily rely on peripherals, rendering conventional fuzzing techniques ineffective. When peripheral responses are missing or incorrect, fuzzing a firmware may crash or exit prematurely, significantly limiting code coverage. While prior re-hosting approaches have made progress in simulating Memory-Mapped Input/Output (MMIO) and interrupt-based peripherals, they either ignore Direct Memory Access (DMA) or handle it oversimplified. In this work, we present ADFEmu, a novel automated firmware re-hosting framework that enables effective fuzzing of DMA-enabled firmware. ADFEmu integrates… More >

Jiawei Qin^1,2, Hua Zhang^1,*, Hanbing Yan², Tian Zhu², Song Hu¹, Dingyu Yan²

Intelligent Automation & Soft Computing, Vol.39, No.3, pp. 527-544, 2024, DOI:10.32604/iasc.2024.047509 - 11 July 2024

Abstract By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, More >