1
play

1 FuzzCon Europe 2020 2018 2019 2020 Started as a meetup FuzzCon - PowerPoint PPT Presentation

Jul 05, 2023 •4.92k likes •5.32k views

1 FuzzCon Europe 2020 2018 2019 2020 Started as a meetup FuzzCon Europe 2019 - FuzzCon Europe 2020 - Whats all the Fuzz About? Fuzz Your Software 2 Code Intelligence Hosting FuzzCon Europe 2020 Code Intelligence Sergej Dechand CEO

  1. 1

  2. FuzzCon Europe 2020 2018 2019 2020 Started as a meetup FuzzCon Europe 2019 - FuzzCon Europe 2020 - What’s all the Fuzz About? Fuzz Your Software 2

  3. Code Intelligence Hosting FuzzCon Europe 2020 Code Intelligence Sergej Dechand CEO & Co-Founder Vision: Easier access to modern Usable Security Background software testing techniques for everyone www.code-intelligence.com 3

  4. Code Intelligence Team 4

  5. What is Fuzzing? 1. Oh yes, I heard about fuzzy logic in university 2. Just testing with random inputs 3. I want to use fuzzing ASAP 5

  6. Participants of FuzzCon Europe 6

  7. Evolution of Software Testing Manual testing Static analysis Modern Fuzzing Techniques: Techniques: Techniques: Code reviews, manual Pattern search: CFG, DDG Coverage-guided fuzzing checks & exploitations Advantage: Advantage: Works without running Advantages: Finds deep bugs Finds lots of bugs! Disadvantage: (Almost) no false positives Disadvantage: Finds too much or nothing Time-consuming, needs at all experts to conduct 7

  8. Fuzz Testing in Security Research Automated Software Testing is an almost solved problem: Fuzzing + Symbolic Code Execution Ain’t nobody got time for that 8

  9. Fuzzing in Large Scale Tech Leaders find 80 % of their bugs with FUZZING 1 800 11 687 19 789 16 108 5 200 9

  10. Early Random Testing Random Punch Cards System under Test 1960s 10

  11. Fuzz it like it’s 89 Random Inputs Fuzzer System under Test 1989 11

  12. Unit Testing and Dumb Fuzzing Random Mutations Image Parser Data from Unit Tests 12

  13. Modern Fuzzing Using Instrumentation for a Feedback Loop coverage information, executed paths, program states Smart Mutations 0x(FF D8 FF DB) 0 Instrumented Image Parser 13

  14. 14

  15. Human Aspects Developer Acceptance ○ Developer acceptance when setting up the first time ○ Not all bugs are equal ○ NIH Learning Curve ○ How to deal with new technology ○ Understand new concepts 15

  16. 16

  17. Development Processes / Corporate Aspects ● Scalable fuzzing infrastructure finding security and stability issues in software Unit Tests? We can’t do that here! ● Google uses ClusterFuzz to fuzz the Chrome Browser / OSS-Fuzz 17

  18. 18

  19. Structure Awareness 19

  20. Structure Awareness Structure Awareness 20

  21. Further Issues to do “Deep Fuzzing” 21

  22. Further Issues to do “Deep Fuzzing” 22

  23. Web Applications Most-Common Use Cases: Web Services ● REST + URL-Encoded ● Protobuf OWASP Top 10 ● Black-box approaches (OWASP Zap, etc) ● Guided fuzzing just starting for Java etc. 23

  24. Structure Awareness Structure Awareness 24

  25. Fuzzing in the Industry “With Code Intelligence, securing your “Code Intelligence enables us to easily “Such software security testing software can take new paths in terms integrate alternative automated approaches have uncovered of quality and efficiency.” approaches to ensure quality.” vulnerabilities in open source projects.” Thomas Tschersich // Chief Security Officer // Helge Harren // SVP Application Development Rakshith Amarnath // Project Lead // Deutsche Telekom AG Trading // Deutsche Börse AG Bosch Corporate Research and more 25

  26. Conclusion 1. Fuzzing superior 2. Get’s traction in practice 3. Today: Talks from fuzzing experts tackling challenges “ With the Open Bosch Award, we honor the best startup collaboration worldwide. ” 26 - Dr. Michael Bolle, CTO Bosch

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exploratory Factor Analysis Applied Multivariate Statistics Spring 2012 Latent-variable models

Exploratory Factor Analysis Applied Multivariate Statistics Spring 2012 Latent-variable models

Exploratory Factor Analysis Applied Multivariate Statistics Spring 2012 Latent-variable models Large number of observed (manifest) variables should be explained by a few un-observed (latent) underlying variables E.g.: Scores on

565 views • 18 slides
Our Road to Continuous Delivery @ Tango Amit Mathur Tango Overview Founded in 2009 and

Our Road to Continuous Delivery @ Tango Amit Mathur Tango Overview Founded in 2009 and

Our Road to Continuous Delivery @ Tango Amit Mathur Tango Overview Founded in 2009 and headquartered in Mountain View Tango has over 300 employees Tango is a messaging platform that combines communications, social and content

450 views • 18 slides
Introduction to Artificial Intelligence ITK 340, Spring 2012 For Thursday Read Russell and

Introduction to Artificial Intelligence ITK 340, Spring 2012 For Thursday Read Russell and

Introduction to Artificial Intelligence ITK 340, Spring 2012 For Thursday Read Russell and Norvig, chapter 1 Do chapter 1, exs 1 and 9 Theres no single right answer for these. Im looking for thoughtful multiple sentence

777 views • 32 slides
Reinventing Mobility with Artificial Intelligence Pascal Van Hentenryck University of Michigan

Reinventing Mobility with Artificial Intelligence Pascal Van Hentenryck University of Michigan

Reinventing Mobility with Artificial Intelligence Pascal Van Hentenryck University of Michigan Ann Arbor, MI 1 Outline Motivation Technology enablers Case Study On Demand Multimodal Public Transportation Pascal Van Hentenryck

948 views • 31 slides
Pre-Reading Quiz Pre-Reading Quiz How does depth-first search instantiate these search

Pre-Reading Quiz Pre-Reading Quiz How does depth-first search instantiate these search

Bookkeeping Artificial Intelligence Class 4: Uninformed Search (Ch. 3.4) Piazza Thank you all for using Piazza! Reminder: [posts] on Piazza must follow the academic integrity guidelines S So post about clarifications, resources,

288 views • 10 slides
Learning Targets Understand varied approaches to identification of gifted learners, with

Learning Targets Understand varied approaches to identification of gifted learners, with

Identification of Gifted Students in Ohio Professional Development for Teachers of Gifted Kent City Schools Karen Rumley, Coordinator of Gifted Services 12-12-17 Learning Targets Understand varied approaches to identification of gifted

390 views • 17 slides
7. Intelligence Throughout the Life Span 7.1 Concepts of Intelligence and Creativity 7.2

7. Intelligence Throughout the Life Span 7.1 Concepts of Intelligence and Creativity 7.2

7. Intelligence Throughout the Life Span 7.1 Concepts of Intelligence and Creativity 7.2 Developmental Stability and Change 7.3 Heredity and Environment 7.4 Reaction Range 7.5 Intelligence Tests 7.6 Giftedness 7.1 Concepts of

417 views • 30 slides
DESIGNING PERSUASIVE ROBOTS: HOW ROBOTS MIGHT PERSUADE PEOPLE USING VOCAL AND NONVERBAL CUES

DESIGNING PERSUASIVE ROBOTS: HOW ROBOTS MIGHT PERSUADE PEOPLE USING VOCAL AND NONVERBAL CUES

VIJAY CHIDAMBARAM , YUEH-HSUAN CHIANG, & BILGE MUTLU HUMAN-COMPUTER INTERACTION LAB, UNIVERSITY OF WISCONSINMADISON DESIGNING PERSUASIVE ROBOTS: HOW ROBOTS MIGHT PERSUADE PEOPLE USING VOCAL AND NONVERBAL CUES MUTLU CHIANG CHIDAMBARAM

1.04k views • 62 slides
Developing Adaptive Interventions for Children with Autism who are Minimally Verbal: Two SMART

Developing Adaptive Interventions for Children with Autism who are Minimally Verbal: Two SMART

Developing Adaptive Interventions for Children with Autism who are Minimally Verbal: Two SMART Case Studies Daniel Almirall, Connie Kasari , Xi Lu, Ann Kaiser, Inbal N-Shani, Susan A. Murphy Univ. of Michigan, Univ. of California

1.01k views • 36 slides
Custom Writing Service - Special Prices Abstract for research proposal ppt slides Nursing

Custom Writing Service - Special Prices Abstract for research proposal ppt slides Nursing

Custom Writing Service - Special Prices Abstract for research proposal ppt slides Nursing research proposals notes , historical research proposal nanotechnology critical thinking about research logic puzzles research paper on cloud computing

397 views • 3 slides
Human-robot interaction Human-robot interaction in autism in autism S. Casalini, G. Dalle Mura,

Human-robot interaction Human-robot interaction in autism in autism S. Casalini, G. Dalle Mura,

ICRA07 2007 IEEE International Conference on Robotics and Automation Full Day Workshop on Roboethics Rome, April 14th, 2007 Human-robot interaction Human-robot interaction in autism in autism S. Casalini, G. Dalle Mura, M. L. Sica, A.

729 views • 34 slides
Communications Across Cultures padraig.mccabe@dcmlearning.ie The phrase Knowledge is power

Communications Across Cultures padraig.mccabe@dcmlearning.ie The phrase Knowledge is power

Communications Across Cultures padraig.mccabe@dcmlearning.ie The phrase Knowledge is power is credited to Francis Beacon in 1571 Knowledge is ubiquitous to invest & manage information through effective communications. Articulate

1.02k views • 77 slides
Emergent Verbal Behaviour in Human-Robot Interaction Kristiina Jokinen & Graham Wilcock

Emergent Verbal Behaviour in Human-Robot Interaction Kristiina Jokinen & Graham Wilcock

Emergent Verbal Behaviour in Human-Robot Interaction Kristiina Jokinen & Graham Wilcock University of Helsinki Jokinen & Wilcock CogInfoCom, Budapest, 2011 2 Pyro: Python Robotics Open source Python robotics toolkit

1.02k views • 26 slides
!"#$"%"&'(&)*+",#-"*(&*.($'/0- 1&2($,&3"&'%

!"#$"%"&'(&)*+",#-"*(&*.($'/0- 1&2($,&3"&'%

!"#$"%"&'(&)*+",#-"*(&*.($'/0- 1&2($,&3"&'% !"#$%&'())(*+&",-&.())&/0*10%* !"#$%&'%&(%$"&'%)*+$,-*. !

1.78k views • 136 slides
Gesture, self-repair and reasoning in schizophrenia Christine Howes with Mary Lavelle, Patrick

Gesture, self-repair and reasoning in schizophrenia Christine Howes with Mary Lavelle, Patrick

Gesture, self-repair and reasoning in schizophrenia Christine Howes with Mary Lavelle, Patrick G.T. Healey, Ellen Breitholtz, Julian Hough, Rose McCabe 24th June 2016 Christine Howes2015 Background 1 Method 2 Results 3 Conclusions 4

589 views • 37 slides
Knowledge-based Sequential Decision-Making under Uncertainty Shiqi Zhang (SUNY Binghamton, USA)

Knowledge-based Sequential Decision-Making under Uncertainty Shiqi Zhang (SUNY Binghamton, USA)

AAAI 2019 Tutorial Knowledge-based Sequential Decision-Making under Uncertainty Shiqi Zhang (SUNY Binghamton, USA) Mohan Sridharan (University of Birmingham, UK) szhang@cs.binghamton.edu; m.sridharan@bham.ac.uk Tutorial Objectives Motivate

945 views • 81 slides
Neural-Symbolic Systems for Human-like Computing Artur dAvila Garcez City, University of

Neural-Symbolic Systems for Human-like Computing Artur dAvila Garcez City, University of

Dagstuhl seminar 17192 8 May 2017 Neural-Symbolic Systems for Human-like Computing Artur dAvila Garcez City, University of London a.garcez@city.ac.uk Neural-Symbolic Systems Cognitive Science Logic Learning Neural Computation

501 views • 28 slides
Leadership in Psychology: Harnessing transferable skills to transform your career Zarina Giannone,

Leadership in Psychology: Harnessing transferable skills to transform your career Zarina Giannone,

Leadership in Psychology: Harnessing transferable skills to transform your career Zarina Giannone, Andrea Piotrowski, Michelle Guzman- Ratko, & Amanda OBrien Offered by the CPA Section for Students in Psychology, 2016 Todays Presenters:

476 views • 9 slides
MANAGEMENT SOLUTION SERIES: EMOTIONAL INTELLIGENCE IN PRACTICE SESSION 1 INTRODUCTIONS AND

MANAGEMENT SOLUTION SERIES: EMOTIONAL INTELLIGENCE IN PRACTICE SESSION 1 INTRODUCTIONS AND

4/03/2020 WORKSHOP MANAGEMENT SOLUTION SERIES: EMOTIONAL INTELLIGENCE IN PRACTICE SESSION 1 INTRODUCTIONS AND EXPECTATIONS 1 4/03/2020 LEARNING OUTCOMES The course provides the opportunity to: Define emotional intelligence and its

598 views • 43 slides
Course Info Instructor: Pascal Poupart Email: cs486@students.cs.uwaterloo.ca CS 486/686

Course Info Instructor: Pascal Poupart Email: cs486@students.cs.uwaterloo.ca CS 486/686

Course Info Instructor: Pascal Poupart Email: cs486@students.cs.uwaterloo.ca CS 486/686 Office Hours: TBA (watch Web page), by appt. Artificial Intelligence Lectures: Tue & Thu Sect. 1: 08:30-09:50 (RCH306) May 3rd,

436 views • 5 slides
Speech Encoder Importance of body language 2 Why data-driven? Yoon et al. "Robots Learn

Speech Encoder Importance of body language 2 Why data-driven? Yoon et al. "Robots Learn

Speech Encoder Importance of body language 2 Why data-driven? Yoon et al. "Robots Learn Social Skills: End-to-End Learning of Co- Cassell et al. "BEAT: the Behavior Expression Speech Gesture Generation for Humanoid Robots." In

401 views • 28 slides
Application of Supply Chain Concepts to the Analysis Process DO5 WRM Seminar September 9, 2015

Application of Supply Chain Concepts to the Analysis Process DO5 WRM Seminar September 9, 2015

Application of Supply Chain Concepts to the Analysis Process DO5 WRM Seminar September 9, 2015 Poulton Innovation Center Rob Handfield, PhD Bank of America University Distinguished Professor of Supply Chain Management Executive Director,

691 views • 25 slides
Overview Last Time Sequence Labeling Dynamic programming Viterbi algorithm Forward

Overview Last Time Sequence Labeling Dynamic programming Viterbi algorithm Forward

University of Oslo : Department of Informatics INF4820: Algorithms for Artificial Intelligence and Natural Language Processing Context-Free Grammars & Parsing Stephan Oepen & Murhaf Fares Language Technology Group (LTG) October 25,

413 views • 29 slides
Ontologies For Baby Animals and Robots. Aaron Sloman School of Computer Science, University of

Ontologies For Baby Animals and Robots. Aaron Sloman School of Computer Science, University of

Presentation at Brown Univ 10 Jun 2009 Ontologies For Baby Animals and Robots. Aaron Sloman School of Computer Science, University of Birmingham http://www.cs.bham.ac.uk/ axs/ These PDF slides are available in my talks directory:

945 views • 55 slides

More recommend