Rootconf Pune edition

On security, network engineering and distributed systems


Let's talk about fuzzing

Submitted by Huzaifa Sidhpurwala (@huzaifas) on Tuesday, 2 July 2019

Section: Birds of Feather (BOF) session
Category: Security


Abstract

Fuzzing is a software testing technique that consists of throwing malformed data at an application in an automated way and observing how the application behaves. Fuzzing for security has been a recent trend, with companies like Google doing this on a massive scale. This BoF discusses some of these techniques and how fuzzing is generally useful.

Outline

Fuzz testing, or fuzzing, is a black-box software testing technique that consists of finding implementation bugs by injecting malformed or semi-malformed data in an automated fashion. Security engineers have been using fuzzing for quite some time now, and it has yielded excellent results. Google runs a full-fledged project called oss-fuzz, which aims to fuzz various upstream projects to find and fix security flaws in them. This BoF discusses fuzzing in general and various techniques, and talks about how one can get started.

Requirements

Who should attend: Anyone with an interest in security.
What is expected from participants: Share their stories about finding security flaws, either via fuzzing or other techniques.
Key takeaways: Know what fuzzing is, how you can fuzz, etc.

Speaker bio

I work as a Principal Product Security Engineer with Red Hat. I have been involved with high-impact security flaws, especially related to SSL/TLS, over the last 10 years. I am a part of various upstream security teams and a contributor to the Fedora security team. I also do some security research in my spare time.
