Towards Generic Database Management System Fuzzing

Explore a 12-minute conference presentation from USENIX Security '24 that introduces BUZZBEE, a groundbreaking fuzzing framework designed to test both SQL and NoSQL database management systems. Learn how researchers from Georgia Institute of Technology and Palo Alto Networks addressed key limitations in existing database testing approaches by developing generic solutions that handle dynamic constraints and generate tight data dependencies. Discover how BUZZBEE successfully identified 40 vulnerabilities across eight different database management systems, leading to 25 fixes and 4 new CVE assignments. Understand the framework's impressive performance metrics, showing up to 177% better code coverage than current generic fuzzers and finding 30 times more bugs in non-relational databases while maintaining competitive results with specialized SQL fuzzers.