BSidesKC 2019 – Andy Nelson – Fuzzing for Security Vulnerabilities
iSpeech
Software engineers commonly test our code as part of the development lifecycle. Part of that testing includes testing the inputs of our applications. However, most of the time our inputs are a set of pseudo random inputs. Fuzz testing takes input testing to another level by removing the well-defined input and replacing it with truly random inputs. Targeting an asset with random inputs allow the attacker to find new attack vectors. Creating a bug by finding memory related errors, race conditions or any undefined behavior, gives an attacker the ability to exploit the system in ways you might not have thought of. In this talk, I will give an overview of fuzz testing, how it can be used to find vulnerabilities and demonstrate how it is done. If you want to learn how to do some security vulnerability testing, this talk is for you.
Andy Nelson
(Senior Engineering Manager at Cerner Corporation)
Andy is a senior engineering manager at Cerner Corporation. He is runs the Engineering Security team with a focus on guiding Software Engineers to best practices. He has been working in the security space for just over 2 years and is continuing his education every day.
video, sharing, camera phone, video phone, free, upload
2019-06-12 15:17:42
source
Gloss