Menu

    This was FuzzCon Europe - WebSecurity Edition

    FuzzCon Europe - WebSecurity Edition was a full success. We were happy to welcome over 500 participants online. In case you missed the event, or you want to rewatch certain talks, you can find the recordings of each presentation below. 

    Simon Bennetts - Project Lead, StackHawk (OWASP ZAP)

    Why Fuzzing Web Applications Is Hard

    Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk. His philosophy is that you cannot build web applications without knowing how to attack them.

    Presentation topics:

    • Why fuzzing is underused in web development
    • Differences between fuzzing and scanning
    • Challenges of fuzzing web applications

    Marina Polishchuk - Research Software
    Engineer, Microsoft Research (RESTler)

    Stateful REST API Fuzzing with RESTler

    Marina Polishchuk is passionate about systematically testing complex software. She is currently working at Microsoft Research on the problem of how to find security and reliability bugs in cloud services through fuzzing their REST APIs.

    Presentation topics:

    • Why it is so important to fuzz REST APIs
    • What kind of bugs can be discovered through the REST API?
    • Testing large services with RESTler

    Abhishek Arya - Principal Software Engineer, Google (OSS-Fuzz) & Fabian Meumertzheim - Senior Software Engineer, Code Intelligence (Jazzer)

    OSS-Fuzz: Fuzzing Everything

    Together with his team, Abhishek Arya launched OSS-Fuzz back in 2016. Since then, it has found over 1200 vulnerabilities. Fabian Meumertzheim, was one of the leading engineers behind Jazzer, Code Intelligence’s open-source fuzzer for JVM-based languages, which has recently been integrated into OSS-Fuzz. 

    Presentation topics:

    • Why fuzzing memory-safe languages is so good at finding misbehaviours and crashes
    • Integrating Jazzer into OSS-Fuzz
    • Use Case: finding a CVE in a json sanitizer

    Khaled Yakdan - CTO, Code Intelligence (Jazzer)

    Coverage-Guided Fuzzing for Web Applications

    As CTO of Code Intelligence, Khaled Yakdan drives the customer-oriented development of the CI Fuzz testing platform. As a malware analyst, he is an expert in binary code analysis with over 7 years of experience in reverse engineering and penetration testing.

    Presentation topics:

    • Benefits of coverage-guided fuzzing
    • Making coverage-guided fuzzing available for everyone
    • Set-up and instrumentation for web applications

    All Speakers

    Moderator - Boris Paskalev, Head of Product, Snyk

    Panel Discussion: Fuzzing for Web Applications

    At the end of FuzzCon Europe - WebSecurity Edition, all speakers came together for a panel discussion about web security with a special focus on fuzzing. The discussion was moderated by Snyk's Boris Paskalev.

     

     

    Jazzer_einfach1
    Fuzz Testing for JVM is now Open Source

    Check out Jazzer!

    At Code Intelligence, we have already fixed thousands of bugs with our fuzzing engine for the JVM. Now its core is available to the community. We are excited to announce the open source launch of Jazzer.