Version 0.17 Sommerwelle
Lecture: Introduction to modern fuzzing
Find and fix vulnerabilities before they reach production.
This talk is a hands-on introduction to fuzz testing. After a basic introduction to fuzzing we will give a live demonstration of our open source fuzzing tools, supporting C/C++, Java and Go. They will showcase modern state-of-the-art fuzzing approaches and demonstrate the different kinds of bugs one can detect.
To get everyone on board we will take a short tour through the history and fundamentals of fuzzing before we look at the current state of fuzzing including code instrumentation for coverage guided fuzzing and bug detectors. We will find out what kind of bugs and vulnerabilities can be found with these techniques.
We will do this by taking a look on how we use this modern approaches at Code Intelligence (Bonn, https://www.code-intelligence.com/) to make fuzzing as easy as writing unit tests, including demonstrations of our OSS tools Jazzer (https://github.com/CodeIntelligenceTesting/jazzer) and cifuzz (https://github.com/CodeIntelligenceTesting/cifuzz).