Introduction to modern fuzzing

Find and fix vulnerabilities before they reach production.

Jochen Hilgers

Playlists: 'froscon2022' videos starting here / audio

This talk is a hands-on introduction to fuzz testing. After a basic introduction to fuzzing we will give a live demonstration of our open source fuzzing tools, supporting C/C++, Java, JavaScript and Go. They will showcase modern state-of-the-art fuzzing approaches and demonstrate the different kinds of bugs one can detect.

To get everyone on board we will take a short tour through the history and fundamentals of fuzzing before we look at the current state of fuzzing including code instrumentation for coverage guided fuzzing and bug detectors. We will find out what kind of bugs and vulnerabilities can be found with these techniques.
We will do this by taking a look on how we use this modern approaches at Code Intelligence (Bonn, https://www.code-intelligence.com/) to make fuzzing as easy as writing unit tests, including demonstrations of our OSS tools Jazzer (https://github.com/CodeIntelligenceTesting/jazzer) and cifuzz (https://github.com/CodeIntelligenceTesting/cifuzz).

Download

Embed

Share:

Tags