Fuzzing - leave hackers with nothing!
40 min
Consider an integer in a program that stores the result of a user's choice among 3 questions. When the user picks one, the choice will be 0, 1 or 2, which makes three practical cases. But what if we transmit 3 or 255? If the default switch case hasn't been implemented securely, the program may crash and lead to classic security issues: exploitable buffer overflow, DoS, etc.
Fuzzing is the art of finding vulnerabilities automatically by providing malformed or semi-malformed data to the input of a program.
In the training I will explain how to apply this technique in practice, what preparations are required before starting, and show frameworks that help to automate this process.
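The three-choice case described above, as an added example that is not part of the talk material: a handler without a default case next to a hardened one, and a small harness that feeds every possible byte value and checks an invariant on the result. All names are hypothetical, and the `UNSET` sentinel is an assumption that stands in for the uninitialised value a real program would act on.

```c
#include <stdint.h>
#include <stdio.h>

#define N_QUESTIONS 3
#define UNSET  (-1)  /* assumption: models an uninitialised value */
#define REJECT (-2)  /* explicit "invalid input" result */

/* Before: no default case, so any byte other than 0..2 falls
   through and the caller gets whatever 'slot' happened to hold. */
static int pick_unchecked(uint8_t choice) {
    int slot = UNSET;
    switch (choice) {
    case 0: slot = 0; break;
    case 1: slot = 1; break;
    case 2: slot = 2; break;
    }
    return slot;
}

/* After: every unexpected value is rejected explicitly. */
static int pick_checked(uint8_t choice) {
    switch (choice) {
    case 0: case 1: case 2: return choice;
    default: return REJECT;
    }
}

/* Oracle: a result is safe if it is a valid slot or an explicit reject. */
static int is_safe(int r) {
    return (r >= 0 && r < N_QUESTIONS) || r == REJECT;
}

typedef int (*handler_fn)(uint8_t);

/* A one-byte input space is small enough to enumerate completely;
   real fuzzers sample and mutate because the space is far larger.
   Returns the number of violating inputs and stores the first one. */
static int fuzz_byte(handler_fn h, int *first_bad) {
    int bad = 0;
    *first_bad = -1;
    for (int v = 0; v <= 255; v++) {
        if (!is_safe(h((uint8_t)v))) {
            if (bad == 0) *first_bad = v;
            bad++;
        }
    }
    return bad;
}

int main(void) {
    int first;
    int bad = fuzz_byte(pick_unchecked, &first);
    printf("unchecked: %d bad inputs, first = %d\n", bad, first);
    printf("checked:   %d bad inputs\n", fuzz_byte(pick_checked, &first));
    return 0;
}
```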
Fuzzing - automated security testing from Vlad Orlikov on Vimeo.