Fuzzing: A Must Have in Your Bug Hunting Arsenal

Presented at Diana Initiative 2022, Aug. 11, 2022, 8:30 a.m. (60 minutes)

Fuzz testing, aka fuzzing, is a dynamic software testing mechanism designed to detect a wide spectrum of bugs and potential security vulnerabilities, from memory corruption to deadlocks, from undefined behavior to exception handling. In combination with appropriate program instrumentation, fuzzing has proven its effectiveness to software developers, security validators, and security researchers. Although fuzzing can greatly assist in bug finding, it has its own set of challenges, such as the coverage wall, effective input generation, etc. In this talk, we will explore the common roadblocks in fuzzing and some of the best practices to overcome these challenges, as well as how to best utilize the potential of fuzzing to find bugs and security vulnerabilities. In addition, this talk will highlight how fuzzing can be adopted in the firmware domain despite the tight coupling with the target hardware platform.


Presenters:

  • Priyam Biswas - Intel
    Priyam Biswas is an Offensive Security Researcher at Intel. Her areas of expertise include secure system development via fuzzing, sanitization, static and dynamic analysis. Dr. Biswas earned her PhD in Computer Science from Purdue University, where her research focus was on applied cryptography as well as developing attack and defense mechanisms for both compile-time and run-time vulnerabilities.

    She is committed to diversity and inclusion in STEM. Dr. Biswas leads several diversity and inclusion efforts at Intel, and actively drives retention and development of women in the Cyber Security domain through arranging regular workshops and mentoring underrepresented students.
