Fuzzing - leave hackers with nothing!

  • 40 min

Consider an integer in a program that stores the result of a user's choice between 3 questions. When the user picks one, the choice will be 0, 1 or 2, which makes three practical cases. But what if we transmit 3 or 255? If the default switch case hasn't been implemented securely, the program may crash and lead to classical security issues: exploitable buffer overflow, DoS etc.

Fuzzing is the art of automatic vulnerabilities finding providing malformed or semi-malformed data to the input of the program.

In the training I will explain how to apply this technique on practice, what preparations are required before start and show frameworks that help to automate this process.

Fuzzing - автоматическое тестирование безопасности from Vlad Orlikov on Vimeo.

Comments ({{Comments.length}} )
  • {{comment.AuthorFullName}}
    {{ comment.DateCreated | date: 'dd.MM.yyyy' }}

To leave a feedback you need to