Lets talk about fuzzing
Submitted by Huzaifa Sidhpurwala (@huzaifas) on Tuesday, 2 July 2019
Section: Birds of Feather (BOF) session Category: Security Status: Confirmed & Scheduled
Fuzzing ia a software testing technique, which consists of throwing malformed data at an application in an automated way and observing how the application behaves. Fuzzing for security has been a recent trend, with companies like Google doing this on a massive scale. This BoF discusses some of these techniques and how fuzzing is generally useful.
Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Security engineers have been using fuzzing for quite some time now and it has yeilded excellent results. Google runs a full fledged project called oss-fuzz which aims to fuzz various upstream projects to find and fix security flaws in them. This BoF discusses fuzzing in general, various techniques etc, and talks about how one can get started.
Who should attend: Any one with interest in security
What is expected from participants: Share their stories about finding security flaws either via fuzzing or other techniques.
Key takeaways: Know what fuzzing is, how you can fuzz etc.
I work as a Principal Product Security Engineer with Red Hat. I have been involved with high impact security flaws specially related to SSL/TLS over the last 10 years. I am a part of various upstream security teams and a contributor to Fedora security team. Also i do some security research in my spare time.