Audience
Developer, Pentester, Tester, Security Specialists, Project manager
Key-Learnings
- We show you how you can fix bugs and vulnerabilities earlier and more efficient
- Fuzzing as a powerful technology for security testing
- Evolution of fuzzing and modern fuzzing techniques
- How to build a continuous fuzzing framework
In recent years, vulnerabilities in large software projects have become the leading causes for many security breaches such as data leaks and DoS attacks. Fuzzing is a powerful testing technology helping to find bugs in software projects effectively. For example, with the help of oss-fuzz over 16,000 bugs have been discovered in Google Chrome and 11,000 bugs in further 160 open-source projects.
Haven’t you applied fuzzing yet? You’re not alone. While there are various open-source solutions for modern fuzzing available (e.g., AFL or libFuzzer), fuzzing has not yet established itself in software testing. One of the main reasons is the difficulty of its integration into development tooling / processes. Modern fuzzing tools like our solution CI Fuzz reduce the complexity of fuzzing making it more usable. This allows testers and development teams to confidently test and release continuously.
In this talk, we present an overview of fuzzing and its origin, the recent advances in fuzzing, and its current state of the art. We discuss why modern fuzzing is the future of software testing with enormous influence on code quality. Every company can benefit from this technology as soon as it is easier to use.