Kateryna Ovechenko
ITERA, Kiev

Fuzzing - leave hackers with nothing!

Consider an integer in a program that stores the result of a user's choice between 3 questions. When the user picks one, the choice will be 0, 1 or 2, which makes three practical cases. But what if we transmit 3 or 255? If the default switch case hasn't been implemented securely, the program may crash and lead to classical security issues: exploitable buffer overflow, DoS etc.

Fuzzing is the art of automatic vulnerabilities finding providing malformed or semi-malformed data to the input of the program.

In the training I will explain how to apply this technique on practice, what preparations are required before start and show frameworks that help to automate this process.

Audience level
Workshop (40 min)

Comments

{{comment.AuthorInfo}}
{{ comment.DateCreated | date: 'dd.MM.yyyy' }}
Found a mistake?