Abstract
This thesis explores the integration of symbolic execution and fuzzing techniques to enhance the detection of software vulnerabilities. With the increasing complexity of software systems and the corresponding rise in security threats, traditional methods often fall short in uncovering deeply embedded vulnerabilities. By combining the broad testing reach of fuzzing with tools such as LibFuzzer and the precise path analysis of symbolic execution with tools such as KLEE, this study aims to create a more robust approach to vulnerability detection. The research applies these techniques to the SQLite database system, a widely used embedded database engine. The integration of these tools is tested through a carefully designed experimental setup that analyzes the effectiveness of each method in identifying various types of vulnerabilities. Results demonstrate that while LibFuzzer excels at rapid detection of surface-level issues, KLEE provides deeper insight into complex, condition-dependent vulnerabilities. The findings suggest that an integrated approach can significantly enhance the security and reliability of software systems. This work contributes to the field of software security by providing a systematic methodology for combining fuzzing and symbolic execution, highlighting their complementary strengths, and demonstrating their practical application in real-world software testing scenarios.