Skip to content
FuzzCon_Logo_Automotive_edition (3)

That's a wrap! Thanks for joining us at FuzzCon Europe - Automotive Edition this year.

Automotive AppSec Conference | 100% Online

Connect with Like-Minded Developers

FuzzCon Europe - Automotive Edition brings together leading developers, DevOps engineers, and security experts from the automotive industry to engage in coding sessions focused on real use cases and challenges to learn from experienced developers who will share their best practices on how to build secure automotive systems, and to connect with like-minded developers.

Check out the recordings and learn…

- How to Comply With New Industry Standards

- How to Deal with Growing Complexity in Automotive Software

- How to Improve Security Testing for Automotive Software

Recordings - 2022

Andreas Weichslgartner
CARIAD

Historical Vulnerabilities in the Automotive Space: Common Classes of Bugs Present in Embedded Software

In this talk, Andreas will show how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development.

He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software. 

Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues. 

In addition, he will examine current trends towards more secure and safe programming languages eliminating the shown bug classes in the future.

WATCH HERE

Li Yuekang & Dr. Sheikh Mahbub Habib
NTU Singapore & Continental

Bridging the Gaps of Grey-box Fuzzing from an Industry-Research Perspective

Software testing typically requires these three steps:

1. test case generation

2. target program execution 

3. execution feedback analysis.

Researchers have been focusing on improving the test case generation and execution feedback analysis while the topic of target program execution is under-studied, because executing the target program seems to be an easy task.

However, through industry practice, we find that target program execution can be challenging for libraries or IoT software.

Therefore, we propose two techniques for emulation based fuzzing on IoT software and automated fuzz driver generation.

We have implemented prototypes for these techniques and used them to find dozens of vulnerabilities in open-source libraries and routers.

WATCH HERE

Nico Vinzenz
ZF Group

Integrating Fuzz Testing into an Automotive Cybersecurity Test Strategy

Fuzz testing has proven itself as a powerful approach for finding previously undiscovered vulnerabilities and robustness issues. 

However, while the fuzz testing tool is key, the timing and scope of its application during the development is crucial as well.

This talk addresses these pain points and explains how fuzz testing can be beneficial when integrated early and systematically at every stage of the product development process.

WATCH HERE

René Palige & Rosemary Joshy
Continental

Fuzzing beyond Cybersecurity

In their talk,  René and Rosemary will share some insights on how they utilized fuzzing to improve overall software quality and how this can be integrated into existing verification and validation processes. 

They will further describe some of their experiences while applying coverage-guided fuzzing in ongoing automotive projects, what challenges they faced and how they overcame them.

WATCH HERE

Michal Frenkel & Victor Marginean
Argus Cyber Security Ltd.

How to Improve Automotive Security

Michal and Victor will speak about the importance of end-to-end security verification, including fuzzing on SW and real interfaces.

They will present how this can be used as a pillar integrated as part of the CI/CD and how it can also be monitored from the Vehicle Security Operating Centers used by OEMs.

WATCH HERE

Michal Frenkel

Michal Frenkel
VP Products & Strategy,
Argus Cyber Security Ltd.

Victor Marginean

Victor Marginean
Presales Worldwide Director,
Argus Cyber Security Ltd.

Yuekang Li

Yuekang Li
Research Assistant Professor, 
NTU Singapore

Dr. Sheikh Mahbub Habib

Dr. Sheikh Mahbub Habib
Head of Growth Field "Security & Privacy, Continental

Recordings - 2021

Dr. Thomas Wollinger
CEO At ESCRYPT

 

Five Uncomfortable Truths about Automotive Cybersecurity

As a pioneer in automotive cybersecurity, Thomas Wollinger has brought ESCRYPT from its beginnings in 2004 to a position as one of the world’s leading providers of system solutions for vehicle data security. Today, his special focus is on the strategic development and integration of ESCRYPT's product and solution portfolio for automotive security and beyond.

Presentation topics:

How has automotive software changed?
5 unpleasant truths
Automotive software security from a managerial viewpoint

WATCH HERE

Rakshith Amarnath
R&D Project Lead At Bosch

 

Rethinking Fuzzing for Automotive Software

Rakshith Amarnath is a project lead for R&D at Bosch Corporate Research. In this talk, Rakshith will tell you why fuzzing needs to be rethought in the context of automotive software.

Presentation topics:

Why fuzz automotive software?
What's the difference?
Why do we need to rethink?
Thoughts on rethinking

WATCH HERE

Victor Marginean
Cybersecurity & Privacy Business Unit HMI, At Continental

Think It’s Complicated? Wait for Machine Learning...

Victor is currently working at Continental Automotive near Frankfurt and leads the Security&Privacy for Human Machine Interface Business Unit. He is a tech geek who is passionate about UNECE R155 readiness preparation and the combination of automated driving, machine learning and the impact on CyberSec.

Presentation topics:

Achievements with Fuzzing at Continental
The future of software testing in the automotive industry
Fuzzing in Machine Learning

WATCH HERE

Yasemin Acar
Research Group Leader At Max Planck Institute 

Human Factors in Secure Development

Yasemin Acar's research focuses on human factors in computer security, investigating how to implement secure software development practices. It has shown that working with developers on these issues can resolve problems before they ever affect end users.

Presentation topics:

Reasons why humans fail to secure software
How can we make secure programming easier?
Takeaways from research for practice

WATCH HERE

All 2021 Speakers

 

 

Panel Discussion

At the end of FuzzCon - Automotive Edition, all speakers joined for a panel discussion about automotive software security with a special focus on fuzzing.

WATCH HERE

Speakers - 2021 

Rakshith Amarnath

Rakshith Amarnath
R&D Project Lead.
Bosch

Victor Marginean

Victor Marginean
Presales Worldwide Director,
Argus Cyber Security Ltd.

Thomas Wollinger

Thomas Wollinger
CEO,
Escrypt

Yasemin Acer

Yasemin Acar
Research Group Leader, Max Planck
Institue for Security and Privacy

What will you learn from FuzzCon Europe - Automotive Edition?

How to Comply With New Industry Standards

New regulations require extended security tests and propose automated fuzz testing as a complementary approach to penetration testing (UNECE WP.29, ISO 21434). This conference will provide developers with best practices and use cases on how to implement those standards.

How to Avoid False Positives

Software Composition Analysis (SCA) and Static Application Security Testing (SAST) are widely used in automotive software security. These methods automate the testing processes to a degree, but they also put out many false positives, which are highly time-consuming. This conference will explore best practices and use cases on how to scale your security testing efforts, without false positives.

How to Deal with Growing Dependencies 

Automotive software systems tend to have many dependencies, which makes them particularly difficult to secure. Existing testing approaches, such as Manual Testing and Static Analysis, often do not provide sufficient security to cope with the complexity of these applications.

At this conference, you will learn best practices and use cases on how to cope with this complexity through automation.

How to Implement Fuzz Testing for Automotives

ISO 21434 and UNECE WP.29 recommend OEMs integrate feedback-based fuzz testing into their DevOps processes and define new requirements for software security engineering. You will learn how you can directly implement fuzz testing in automotive software.

FAQs

What is Fuzzing?

"Fuzzing" or "fuzz testing" is currently the most effective testing approach to automatically detect security and stability issues in software. It involves providing invalid, unexpected, or random data as inputs to a computer program. 

Modern fuzzing engines (such as AFL++, or Jazzer) do not just use random inputs, but smart algorithms tailoring the input to increase the amount of code which is tested/covered by the fuzzer.

Read more about fuzzing.

When did FuzzCon Europe - Automotive Edition Take Place?

The most recent conference took place on Thursday, November 17th 2022

What event platform was used for the online event?

FuzzCon Automotive was streamed LIVE on our site,  and on LinkedIn.

Was the event be recorded?

Yes! Every session was recorded. All recordings are freely available on our site.

I have more questions. How can I contact the conference team?

Ask us anything! You can contact the team anytime via email at info@fuzzcon.eu

Automotive Fuzzing Resources