FUZZCON EUROPE - EVENT RECAP

Learn more about previous talks and speakers.

GET ACCESS TO ALL PREVIOUS FUZZCON RECORDINGS

PREVIOUS SPEAKERS

Get inspired by leading software security experts from industry and research.

Abhishek Arya

Abhishek Arya

Google OSS-Fuzz

Marina Polichshuk

Marina Polichshuk

Microsoft RESTler

Simon Bennetts

Simon Bennetts

OWASP ZAP

Christian Holler

Christian Holler

Mozilla Firefox

Thomas Wollinger

Thomas Wollinger

Escrypt

Victor Marginean

Victor Marginean

Continental

Yasemin Acar

Yasemin Acar

Max Planck Institute

Andreas Zeller

Andreas Zeller

CISPA Helmholtz

Caroline Lemieux

Caroline Lemieux

Berkeley University

Kostya Serebryany

Kostya Serebryany

Google Research

Marcel Böhme

Marcel Böhme

Monash University

Rakshith Amarnath

Rakshith Amarnath

Bosch

Cornelius Aschermann

Cornelius Aschermann

University Bochum

Sirko Hoeer

Sirko Höer

Federal Office for Information Security (BSI)

Bhargava Shastry

Bhargava Shastry

Etherium Network

Khaled Yakdan

Khaled Yakdan

Code Intelligence

SOURCE_CI Fuzz Demo
GET ACCESS TO ALL PREVIOUS FUZZCON RECORDINGS!
We've recorded all talks.

FuzzCon Europe 2020

Previous talks & topics
Introduction & Fuzzing 101

Sergej Dechand is not only the CEO and co-founder of Code Intelligence but also an expert with years of experience in usable security at Frauenhofer FKIE.

In his session, he gives a detailed explanation of the characteristics of fuzzing and its most recent history.

Get recording.

Usability Issues of Modern Fuzzers

Matthew Smith is a professor at the University of Bonn and a member of Frauenhofer FKIE. His research interest lies in the intersection of technical IT security and behavioral science.

Presentation topics:

  • Introduction into usable security
  • A user study comparing static code analysis to fuzzing
  • Usability comparison of libfuzzer and CLANG 

Get recording.

Fuzzing Challenges and Reflections

Marcel Böhme is a senior lecturer at Monash University. During his time as a senior researcher at the TSUNAMi Security Research Centre in Singapore, he has conducted lots of research to improve the overall understanding of fuzzing.

Presentation topics:

  • The need for automated vulnerability discovery
  • The reason for the recent surge of interest in fuzzing
  • The opportunities that fuzzing brings with it

Get recording.

The Human Component in Automated Bug Finding

Christian Holler, also known as decoder, is currently working as a Staff Security Engineer at Mozilla. He centred his talk around the cultural aspects that influence the acceptance of fuzzing.

Presentation topics:

  • The Do's and Don'ts that can hurt or benefit the relationship between developers and testers
  • Approaches to improve this relationship
  • When to Fuzz

Get recording.

Taming Fuzzers
Andreas Zeller is a Professor at CISPA Helmoltz Center for Information Security with long-time experience in the field of fuzzing. In this talk he explained how to control a fuzzer to bend it to one's own will. 
 
Presentation topics
  • Customizing Fuzzers
  • Controlling Fuzzers
  • Fuzzing with grammars
  • Fuzzing example in Format Fuzzer

Get recording.

Fuzzing Suricata - Finding Vulnerabilities in Large Projects

Sirko Höer is a Vulnerability Expert at the German Federal Office for Information Security. He gained his experience in the field of fuzzing doing cybersecurity in the military-industry, but also at Code Intelligence. During his time at Code Intelligence, he tested the open source program Suricata.

Presentation topics:

  • Methodology of Fuzzing Projects
  • The setup
  • Analysis 
  • The Fuzz Target
  • Which bugs were found?

Get recording.

What's Different About Fuzzing Automotive Software?

Rakshith Amarnath is a project lead for R&D at Bosch Corporate Research. In this presentation he gave us a detailed overview of automotive fuzzing.

Presentation topics:

  • Why fuzz automotive software?
  •  Main differences in automotive fuzzing
  • Solutions for automotive fuzzing

Get recording.

Structure-Aware Grey-Box Fuzzing

Cornelius Aschermann & Sergej Schmilo are security researchers at Facebook and at Ruhr-University Bochum. In their talk, they set forth some interesting approaches on how to fuzz entire systems and not just selected targets.

Presentation topics:

  • The architecture of structure-aware grey-box fuzzing
  • Interactive Targets
  • Specifying Test Scenarios
  • Interactive Specs

Get recording.

Symbolic Execution - What's That and How to Make it Efficient

Up until recently, Sebastian Pöplau, PhD, was working for the Software and Systems Security Group of Eurcom.  In this presentation, he mainly discussed symbolic execution and how it can be implemented alongside fuzzing. 

Presentation topics:

  • What is Symbolic Execution and how can it complement Fuzzing?
  • SMT Solving
  • Comparison: Symbolic Execution vs Fuzzing
  • Tracing Computations

Get recording.

Fuzzing the Solidity Compiler

Bhargava Shastry is a security engineer at the Etherum Foundation. In this presentation, he walked us through the challenges of fuzzing solidity compilers and how he modified libfuzzer to be able to test the code.

Presentation Topics

  • Fuzz Testing in general
  • Fuzzing a compiler
  • Differential Fuzzing

Get recording.

CI Fuzz - Adressing Practical Challenges of Fuzzing

As Chief Scientist and Co-Founder of Code Intelligence, Khaled Yakdan is very well acquainted with fuzzing. In this keynote he spoke about Code Intelligence's own fuzzing platform CI Fuzz.

Presentation topics:

  • Setting up CI Fuzz
  • How does Fuzzing work?
  • Instrumentation
  • Practical examples

Get recording.

Top N Challenges of "Deep" Fuzzing

As principal software engineer at Google, Kostya Serebryany is one of the pioneers when it comes to modern fuzzing. In this presentation, he discussed the challenges of deep fuzzing.

Presentation topics:

  • Why deep fuzzing is not the most important
  • Guided fuzzing
  • Execution
  • Different kinds of mutations

Get recording.

Expanding the Reach of Fuzzing

As a Security Researcher at UC Berkeley, Caroline Lemieux has worked on many different fuzzers. In this presentation, she explained the important characteristics of coverage-guided fuzzing, using the example of several known fuzzers. 

Presentation topics:

  • Basics of Coverage-guided fuzzing
  • Generator-based fuzzing
  • Fair-Fuzz
  • Perf-Fuzz
  • Fuzz-Factory
  • JQF/Zest

Get recording.

Petrol
SPREAD THE NEWS!

Tell your friends and colleagues that you are joining us: #FuzzConEurope2021 @CI_Fuzz

FuzzCon Europe - Automotive Edition

Previous talks & topics
Rethinking Fuzzing for Automotive Software

Rakshith Amarnath is a project lead for R&D at Bosch Corporate Research. In this talk, Rakshith will tell you why fuzzing needs to be rethought in the context of automotive software.

Presentation topics:

  • Why fuzz automotive software?
  • What's the difference?
  • Why do we need to rethink?
  • Thoughts on rethinking

Get recording.

Human Factors in Secure Development

Yasemin Acar's research focuses on human factors in computer security, investigating how to implement secure software development practices. It has shown that working with developers on these issues can resolve problems before they ever affect end users.

Presentation topics:

  • Reasons why humans fail to secure software
  • How can we make secure programming easier?

Get recording.

Think It’s Complicated? Wait for Machine Learning ...

Victor Marginean is currently working at Continental Automotive near Frankfurt and leads the Security&Privacy for Human Machine Interface Business Unit. He is a tech geek and the new passions are UNECE R155 readiness preparation and the combination of automated driving, machine learning and the impact on CyberSec.

Presentation topics:

  • Achievements with Fuzzing at Continental
  • The future of software testing in automotive industry
  • Fuzzing in Machine Learning

Get recording.

5 Uncomfortable Truths About Automotive Cybersecurity
As a pioneer in automotive cyber security, Thomas Wollinger has brought ESCRYPT from its beginnings in 2004 to a position as one of the world’s leading providers of system solutions for vehicle data security. Today, his special focus is on the strategic development and integration of ESCRYPT's product and solution portfolio for automotive security and beyond.
 
Presentation topics:
  • How has automotive software changed?
  • 5 unpleasant truths
  • Automotive software security from a managerial viewpoint

Get recording.

FuzzCon_Logo_rund
JOIN US FOR FUZZCON EUROPE 2021!

Learn more about trends in IT security testing and secure application development and get inspired by our experts.

FuzzCon Europe - WebSecurity Edition

Previous talks & topics
Why Fuzzing Web Applications Is Hard

Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk. His philosophy is that you cannot build web applications without knowing how to attack them.

Presentation topics:

  • Why fuzzing is underused in web development
  • Differences between fuzzing and scanning
  • Challenges of fuzzing web applications

Get recording.

Stateful REST API Fuzzing with RESTler

Marina Polishchuk is passionate about systematically testing complex software. She is currently working at Microsoft Research on the problem of how to find security and reliability bugs in cloud services through fuzzing their REST APIs.

Presentation topics:

  • Why it is so important to fuzz REST APIs
  • What kind of bugs can be discovered through the REST API?
  • Testing large services with RESTler

Get recording.

OSS-Fuzz: Fuzzing Everything

Together with his team, Abhishek Arya launched OSS-Fuzz back in 2016. Since then, it has found over 1200 vulnerabilities. Fabian Meumertzheim, was one of the leading engineers behind Jazzer, Code Intelligence’s open-source fuzzer for JVM-based languages, which has recently been integrated into OSS-Fuzz. 

Presentation topics:

  • Why fuzzing memory-safe languages is so good at finding misbehaviours and crashes
  • Integrating Jazzer into OSS-Fuzz
  • Use Case: finding a CVE in a json sanitizer

Get recording.

Coverage-Guided Fuzzing for Web Applications

As CTO of Code Intelligence, Khaled Yakdan drives the customer-oriented development of the CI Fuzz testing platform. As a malware analyst, he is an expert in binary code analysis with over 7 years of experience in reverse engineering and penetration testing.

Presentation topics:

  • Benefits of coverage-guided fuzzing
  • Making coverage-guided fuzzing available for everyone
  • Set-up and instrumentation for web applications

Get recording.

The World Largest Online Conference About Fuzz Testing

FUZZCON EUROPE 2021

OCTOBER 21st, 2021 | 100% ONLINE

Call for Speakers is open until August 20th.

SPEAKER

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence

sergejdechand1

SERGEJ DECHAND

CEO & FOUNDER
Code Intelligence