Fuzzing Session: Finding Bugs and Vulnerabilities Automatically - David Korczynski & Adam Korczynski, Ada Logics
Abstract
In this session Adam and David invites attendees to an in-depth look at fuzzing starting with the basics and moving on to advanced topics. The presentation will focus on fuzzing open source software and cover why it is important to fuzz your software by way of brief introductions followed by a series of case studies.Fuzzing is a technique to automate testing software for bugs and vulnerabilities. Fuzzing is performed by writing a test harness that passes seemingly pseudo-random data to a target application with the goal of finding bugs and vulnerabilities. Adam and David have written fuzzers for more than 200 open source projects which have led to finding thousands of bugs of which many were security-critical.The presentation will also cover important open-source projects related to fuzzing such as OSS-Fuzz and Fuzz Introspector.This talk is aimed at a broad audience including those who are new to fuzzing as well as those with some fuzzing experience.