Fuzzing for fun and profit
Syed (~syedkhalid) |
Description:
What is Fuzzing?
"Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program". Fuzzing is a very common method used by security researchers to discover bugs because auditing the source code of a large project is a tedious process and time consuming. Fuzzing not only helps to discover security bugs but also helps to improve the stability of your software.
About this talk
This talk will emphasize much on "Why python is the language of choice for Fuzzing?" and also discuss about the most used fuzzing frameworks written in python. This talk will give a overview of the different types of fuzzer and how to build a large scale fuzzing setup. A short demo of Sulley framework and python-afl will be shown in the presentation.
Target Audience
- QA Team/Bug Hunters and security researchers
TakeAways
- Discover and learn the art of fuzzing.
- Get familiar with the lastest fuzzing tools.
Outline
- Introduction to Fuzzing[5 mins]
- Why Fuzzing is essential?[2 mins]
- Types of Fuzzing[10 mins]
- Fuzzing Tools [3 mins]
- Fuzzing Demo - Sulley and AFL for python [10 mins]
- Q&A Session
Prerequisites:
- Basic knowledge of Python, TCP/IP and socket programming fundamentals.
- Basic understanding of security bugs such as UAF, OOB Read/Write, Buffer/Heap Overflow, etc, would be a plus.
Content URLs:
- https://github.com/jwilk/python-afl[Python module for American Fuzzy Lop][1]
Speaker Info:
Syed is a Software Security Consultant at Sony. He loves to code in C/Python and prefers Python for fuzzing and automation. He has 6+ years of experience in security domain with demonstrated history of working in Web Application Security, Mobile Application Security, FreeBSD/Linux Kernel Security and also worked in Symantec Global Security Operation Center.
Speaker Links:
- https://www.linkedin.com/in/syedkhaled/
- https://github.com/syedkhalid/
- https://twitter.com/syed_khaled