More than 1100 security experts participated in FuzzCon Europe 2020 last September, and the event is now being continued. FuzzCon - WebSecurity Edition is aimed at software engineers, web developers and IT security experts who want to learn more about the latest trends in web application security.
This conference highlights the security challenges of Java Spring Boot and other popular Java frameworks. Learn from experienced practitioners and get an overview of modern fuzzing techniques for Java applications.
Java is one of the most popular programming languages worldwide, especially for developing complicated backend systems and interfaces. But although modern Java frameworks like Spring Boot already assist you in developing secure code, some bugs won't be detected by the frameworks... yet! In many cases additional tools for API testing and more advanced DevOps processes are required to protect your software against those vulnerabilities (e.g. OWASP Top 10).
Get inspired by real case studies from the industry and discover the potential of modern fuzzing for Java applications. In practical sessions you will learn how to efficiently detect security vulnerabilities and bugs deep within your source code: Injections (SQL Injections), Cross-Site Scripting (XSS), Information Leakage, Uncaught Exceptions leading to errors (e.g. NullPointerExceptions), and Crashes (OutOfMemory).
Due to the current Covid-19 crisis, we hosted the conference completely online and 100% free!
The event was hosted by Code Intelligence.
“Great talks and lots of interesting tools/techniques to follow up on. Great job organizers and speakers :-).”
FuzzCon Europe 2020
“Interesting to see how an entirely new industry is now growing purely around fuzzing. In conclusion: a very slick event - well done to all involved!”
FuzzCon Europe 2020
In recent years, feedback-based fuzzing (or coverage-guided fuzzing) has experienced an unmatched success story. For example, over 27,000 bugs have been found in Chrome and several open-source projects, and Google stated that it finds around 80% of its bugs with modern fuzzing techniques. However, fuzzing is not reserved for big tech companies: it is gradually finding its way into the wide world.
Fuzzing is used for security and stability testing of the codebase. The application under test is fed a series of inputs, which are smartly mutated during the testing process. The testing tool gets feedback about the code covered during the execution of each input. Unlike traditional or black-box fuzzing, feedback-based fuzzing explores the program state efficiently and discovers bugs hidden deep in the code. If you want to learn more about the underlying technology, we recommend reading our blog post The Magic Behind Feedback-based Fuzzing. Or register for Fuzzing Academy!
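The feedback loop described above, as an added example that is not part of the original page or any Code Intelligence tool: a toy Java fuzzer run with and without coverage feedback against the same target. The `parse` target, its manually recorded branch IDs, the "FUZZ" trigger and the zero-byte seed are all constructed for illustration; a real fuzzer gets coverage from instrumentation and mutates randomly rather than exhaustively.

```java
import java.util.*;

public class FeedbackFuzzDemo {
    // Hypothetical target: records the branch IDs it reaches and throws on a
    // nested condition (constructed bug: the four bytes spell "FUZZ").
    static Set<Integer> parse(byte[] in) {
        Set<Integer> cov = new HashSet<>();
        cov.add(0);
        if (in[0] == 'F') { cov.add(1);
            if (in[1] == 'U') { cov.add(2);
                if (in[2] == 'Z') { cov.add(3);
                    if (in[3] == 'Z') throw new IllegalStateException("deep bug reached");
                }
            }
        }
        return cov;
    }

    // Tries every single-byte mutation of each corpus entry. With feedback on,
    // an input that reaches a branch not seen before joins the corpus and is
    // mutated later. Returns the number of executions until the crash, or -1
    // if the corpus is exhausted without one.
    static int fuzz(byte[] seed, boolean useFeedback) {
        List<byte[]> corpus = new ArrayList<>();
        corpus.add(seed);
        Set<Integer> seen = new HashSet<>();
        int execs = 0;
        for (int i = 0; i < corpus.size(); i++) {
            for (int pos = 0; pos < seed.length; pos++) {
                for (int b = 0; b < 256; b++) {
                    byte[] cand = corpus.get(i).clone();
                    cand[pos] = (byte) b;
                    execs++;
                    try {
                        Set<Integer> cov = parse(cand);
                        if (useFeedback && seen.addAll(cov)) corpus.add(cand);
                    } catch (IllegalStateException crash) {
                        return execs; // crash found after this many executions
                    }
                }
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        byte[] seed = new byte[4]; // constructed seed: four zero bytes
        System.out.println("without feedback: " + fuzz(seed, false));
        System.out.println("with feedback:    " + fuzz(seed, true));
    }
}
```

Without feedback the run returns -1, because no single-byte change to the seed satisfies all four nested checks; with feedback each newly covered branch keeps a partial match in the corpus, so the crash is reached after a few thousand executions instead of a search over 256^4 inputs.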