All FuzzCon Europe Talks on Demand

FUZZCON EUROPE RECORDINGS

THIS WAS FUZZCON EUROPE 2021

Fuzzcon Europe is an uprising application security testing conference, bringing together developers, DevOps Engineers, and security experts to make software more reliable and secure.


Shipping Secure Software Should Be Easier!

Sergej Dechand

Sergej Dechand is CEO and co-founder of Code Intelligence. Moreover, he is an expert with years of experience in software testing and usable security at Frauenhofer FKIE.

Presentation topics:

  • In the introduction, he will give us a short and entertaining introduction to fuzzing and automated security testing.
  • What are current pain points and challenges of modern security testing? And how can we support developers to find and fix bugs as early as possible? 
Sergej Dechand

Towards Systematic and Dynamic Task Allocation for Collaborative Parallel Fuzzing 

Thuan Pham

Thuan Pham is a Lecturer in Cybersecurity at the University of Melbourne. He has been working on scalable and high-performance fuzz testing to improve the reliability & security of software systems.

Presentation topics:

  • Research on graph partitioning and search algorithms to propose a systematic and dynamic task allocation solution that works at the macro-task level
  • How tool called AFLTeam achieved higher code coverage compared to the default parallel mode of AFL and discovered zero-day bugs in FFmpeg and JasPer toolkits
Thuan Pham

API level fuzzing: how to harden your REST endpoints

Madalin Ilie

APIs are everywhere, Madalin Illie says.  Thus, he wrote a tool called CATS which removes the boring part out of API testing, by letting QA Engineers focused on the creative side of testing.

Presentation topics:

  • How to generate hundreds of API tests within seconds with no coding effort
  • What types of testing are covered by the Fuzzers
Madalin Ilie

Input Languages for Effective and Focused Fuzzing

Rafael Dutra and Rahul Gopinath

Rafael Dutra and Rahul Gopinath are currently postdoctoral researchers working on static and dynamic analysis of software at CISPA Helmoltz Center for Information Security.

Presentation topics:

  • The ways in which fuzzers can be enhanced with an input language specification, in order to enable focused fuzzing and reach deeper parts of the code
  • Input languages that are expressed as context-free grammars
  • Fuzzing of binary file formats, such as MP4 or ZIP
  • A new tool FormatFuzzer 
Rafael Dutra and Rahul Gopinath

12 Angry Developers - A Qualitative Study on Developers’ Struggles with CSP

Lea Gröber

Lea Gröber is a Doctoral Student at CISPA Helmholtz Center for Information Security.

Presentation topics:

  • Usable security and privacy issues
  • Cross-Site Scripting attacks
  • Do the standards and content security policies prevent XSS-vulnerabilities in practice?
Lea Gröber

Jazzer 2.0: Taking Java Fuzzing to the Next Level

Fabian Meumertzheim

Fabian Meumertzheim is a Senior Software Engineer at Code Intelligence and one of the leading engineers behind Jazzer, Code Intelligence’s open-source fuzzer for JVM-based languages.

Presentation topics:

  • The features that Jazzer has gained since its initial release
  • macOS and Windows support 
  • Autofuzz – start fuzzing with just a .jar and a method name
  • Bug detectors for certain high-severity vulnerability classes 
Fabian2

Fuzzing for Security Airworthiness

Paul Butcher

Paul Butcher, the spokesman for AdaCore, works with civilian aerospace safety regulations.

Presentation topics:

  • Additional guidelines for international aerospace regulatory bodies
  • Security-focused software development tools that are aligned with the objectives stated within the avionics security standards
  • Vulnerability identification and security measure quality assessment within a plan for security aspects of certification
Paul Butcher

Keeping on Fuzzing and Fixing Suricata

Philippe Antoine

Philippe Antoine is the CEO and founder of Catena cyber, providing cybersecurity services from France. 

Presentation topics:

  • Fuzzing for Suricata
  • How Philippe found and fixed 47 unique bugs in Suricata with modern fuzzing approaches, and how you can successfully apply the technique
Philippe Antoine

theRealSIPfuzzer

Raghudeep Kannavara

Raghudeep Kannavara is a Security Technical Lead at Intel Corporation. He introduces a fuzzer framework for the Soft IPs (SIP) called the Real SIP Fuzzer.

Presentation topics:

  • What are SIPs and SIP hangs
  • Techniques to convert Verilog code to behavioral C++ models
Raghudeep Kannavara

LibAFL: The Advanced Fuzzing Library

Andrea Fioraldi and Dominik Maier

Andrea Fioraldi and Dominik Maier are known as those who wrote and maintain LibAFL. This Advanced Fuzzing Library can fuzz on Windows, Linux, macOS, Android, and even embedded devices and offers a wide variety of source and binary-only instrumentation modes. 

Presentation topics:

  • LibAFL, as a library to build scalable, extendable fuzzers in Rust
  • How LibAFL allows security researchers to slot the perfect fuzzer for their target together
  • Combine LibAFL algorithms in a completely orthogonal way
Andrea Fioraldi and Dominik Maier-1

FuzzCon_Logo_rund

Join Us On the Next FuzzCon Europe

Subscribe to our newsletter to get updates and notifications on conference dates and our next call for presentations (CfPs).

FEEDBACK

What developers say about FuzzCon Europe.

left-quote Created with Sketch.

Interesting to see how an entirely new industry is now growing purely around fuzzing. In conclusion: a very slick event - well done to all involved!

FuzzCon_Logo_rund_weiß
FuzzCon Europe 2020
left-quote Created with Sketch.

Great conference great information, thanks for bringing us the best!

FuzzCon_Logo_rund_weiß
FuzzCon Europe 2020
left-quote Created with Sketch.

Great talks and lots of interesting tools/techniques to follow up on. Great job organizers and speakers :-).

FuzzCon_Logo_rund_schwarz
FuzzCon Europe 2020
Automotive Edition
left-quote Created with Sketch.

I really liked the efficiency of the conference - it went very smoothly without any interruptions.

FuzzCon_Logo_rund_weiß
FuzzCon Europe 2021
WebSecurity Edition
The conference got hosted by Code Intelligence

This CONFERENCE GOT HOSTED BY CODE INTELLIGENCE

Code Intelligence provides a CI/CD agnostic platform, for coverage-guided fuzz testing. It empowers developers to ship secure software faster, by running automated security tests with each pull request. 

SPEAKER

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence