Testing Handbook Skills
Comprehensive security testing toolkit generated from the Trail of Bits Application Security Testing Handbook.
When to Use
- Setting up fuzzing campaigns for C/C++, Rust, Python, or Ruby
- Writing fuzzing harnesses for target functions
- Analyzing code coverage to guide testing
- Running sanitizers (AddressSanitizer, UBSan, MSan) to catch memory bugs
- Performing constant-time testing for cryptographic code
- Using Wycheproof test vectors for crypto validation
When NOT to Use
- Smart contract auditing or chain-specific review work
- Writing custom static-analysis rules from scratch
- General code review outside a security-testing workflow
- Vulnerability hunting without a concrete testing plan
Sub-Skills (17 total)
Fuzzers
| Fuzzer | Language | Best For | Skill Path |
|---|---|---|---|
| libFuzzer | C/C++ | LLVM-based coverage-guided fuzzing | skills/libfuzzer/SKILL.md |
| AFL++ | C/C++ | Advanced mutation-based fuzzing | skills/aflpp/SKILL.md |
| libAFL | C/C++ | LibAFL-based custom fuzzers | skills/libafl/SKILL.md |
| cargo-fuzz | Rust | Rust native fuzzing with libFuzzer backend | skills/cargo-fuzz/SKILL.md |
| Atheris | Python | Python coverage-guided fuzzing | skills/atheris/SKILL.md |
| Ruzzy | Ruby | Ruby coverage-guided fuzzing | skills/ruzzy/SKILL.md |
Techniques
| Technique | Purpose | Skill Path |
|---|---|---|
| Harness Writing | Writing effective fuzzing harnesses | skills/harness-writing/SKILL.md |
| Coverage Analysis | Measuring and improving code coverage | skills/coverage-analysis/SKILL.md |
| Fuzzing Dictionary | Creating effective fuzzing dictionaries | skills/fuzzing-dictionary/SKILL.md |
| Fuzzing Obstacles | Overcoming common fuzzing barriers | skills/fuzzing-obstacles/SKILL.md |
| AddressSanitizer | Memory error detection with ASan | skills/address-sanitizer/SKILL.md |
Static Analysis
| Tool | Purpose | Skill Path |
|---|---|---|
| Semgrep | Fast pattern-matching security scans | skills/semgrep/SKILL.md |
| CodeQL | Deep semantic code analysis | skills/codeql/SKILL.md |
Cryptographic Testing
| Tool | Purpose | Skill Path |
|---|---|---|
| Wycheproof | Test vectors for crypto implementations | skills/wycheproof/SKILL.md |
| Constant-Time Testing | Verify constant-time crypto properties | skills/constant-time-testing/SKILL.md |
Infrastructure
| Tool | Purpose | Skill Path |
|---|---|---|
| OSS-Fuzz | Google's continuous fuzzing service | skills/ossfuzz/SKILL.md |
Meta
| Tool | Purpose | Skill Path |
|---|---|---|
| Generator | Generate new skills from the Testing Handbook | skills/testing-handbook-generator/SKILL.md |
Workflow
Starting a fuzzing campaign
- Choose a fuzzer based on your target language (see Fuzzers table)
- Write a harness using the harness-writing skill
- Build with sanitizers (AddressSanitizer recommended as baseline)
- Create a seed corpus with representative inputs
- Run the campaign and monitor coverage
- Analyze coverage to find uncovered code and improve the harness
- Triage crashes and deduplicate findings
Setting up CI/CD testing
- OSS-Fuzz for open-source projects (continuous fuzzing)
- Semgrep + CodeQL for static analysis in PRs
- Wycheproof test vectors for crypto validation
Quick Start by Language
| Language | Fuzzer | Harness | Sanitizer |
|---|---|---|---|
| C/C++ | libFuzzer or AFL++ | LLVMFuzzerTestOneInput | ASan + UBSan |
| Rust | cargo-fuzz | fuzz_target! macro | Built-in sanitizers |
| Python | Atheris | atheris.FuzzedDataProvider | N/A |
| Ruby | Ruzzy | ruzzy harness pattern | N/A |
Source Material
Generated from the Trail of Bits Application Security Testing Handbook using the testing-handbook-generator meta-skill.