.png?width=450&height=338&name=FuzzCon_Logo_Automotive_edition%20(3).png "FuzzCon_Logo_Automotive_edition (3)"){kind=logo}
That's a wrap! Thanks for joining us at FuzzCon Europe - Automotive Edition this year.
Automotive AppSec Conference | 100% Online
Connect with Like-Minded Developers
FuzzCon Europe - Automotive Edition brings together leading developers, DevOps engineers, and security experts from the automotive industry to engage in coding sessions focused on real use cases and challenges to learn from experienced developers who will share their best practices on how to build secure automotive systems, and to connect with like-minded developers.
Check out the recordings and learn…
- How to Comply With New Industry Standards
- How to Deal with Growing Complexity in Automotive Software
- How to Improve Security Testing for Automotive Software
Andreas Weichslgartner
CARIAD
In this talk, Andreas will show how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development.
He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software.
Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues.
In addition, he will examine current trends towards more secure and safe programming languages eliminating the shown bug classes in the future.
Li Yuekang & Dr. Sheikh Mahbub Habib
NTU Singapore & Continental
Software testing typically requires these three steps:
1. test case generation
2. target program execution
3. execution feedback analysis.
Researchers have been focusing on improving the test case generation and execution feedback analysis while the topic of target program execution is under-studied, because executing the target program seems to be an easy task.
However, through industry practice, we find that target program execution can be challenging for libraries or IoT software.
Therefore, we propose two techniques for emulation based fuzzing on IoT software and automated fuzz driver generation.
We have implemented prototypes for these techniques and used them to find dozens of vulnerabilities in open-source libraries and routers.
Nico Vinzenz
ZF Group
Fuzz testing has proven itself as a powerful approach for finding previously undiscovered vulnerabilities and robustness issues.
However, while the fuzz testing tool is key, the timing and scope of its application during the development is crucial as well.
This talk addresses these pain points and explains how fuzz testing can be beneficial when integrated early and systematically at every stage of the product development process.
René Palige & Rosemary Joshy
Continental
In their talk, René and Rosemary will share some insights on how they utilized fuzzing to improve overall software quality and how this can be integrated into existing verification and validation processes.
They will further describe some of their experiences while applying coverage-guided fuzzing in ongoing automotive projects, what challenges they faced and how they overcame them.
Michal Frenkel & Victor Marginean
Argus Cyber Security Ltd.
Michal and Victor will speak about the importance of end-to-end security verification, including fuzzing on SW and real interfaces.
They will present how this can be used as a pillar integrated as part of the CI/CD and how it can also be monitored from the Vehicle Security Operating Centers used by OEMs.
Michal Frenkel
VP Products & Strategy,
Argus Cyber Security Ltd.
Victor Marginean
Presales Worldwide Director,
Argus Cyber Security Ltd.
Yuekang Li
Research Assistant Professor,
NTU Singapore
Dr. Sheikh Mahbub Habib
Head of Growth Field "Security & Privacy, Continental
Recordings - 2021
Dr. Thomas Wollinger
CEO At ESCRYPT
As a pioneer in automotive cybersecurity, Thomas Wollinger has brought ESCRYPT from its beginnings in 2004 to a position as one of the world’s leading providers of system solutions for vehicle data security. Today, his special focus is on the strategic development and integration of ESCRYPT's product and solution portfolio for automotive security and beyond.
Presentation topics:
5 unpleasant truths
Automotive software security from a managerial viewpoint
Rakshith Amarnath
R&D Project Lead At Bosch
Rakshith Amarnath is a project lead for R&D at Bosch Corporate Research. In this talk, Rakshith will tell you why fuzzing needs to be rethought in the context of automotive software.
Presentation topics:
Why fuzz automotive software?
What's the difference?
Why do we need to rethink?
Thoughts on rethinking
Victor Marginean
Cybersecurity & Privacy Business Unit HMI, At Continental
Victor is currently working at Continental Automotive near Frankfurt and leads the Security&Privacy for Human Machine Interface Business Unit. He is a tech geek who is passionate about UNECE R155 readiness preparation and the combination of automated driving, machine learning and the impact on CyberSec.
Presentation topics:
Achievements with Fuzzing at Continental
The future of software testing in the automotive industry
Fuzzing in Machine Learning
Yasemin Acar
Research Group Leader At Max Planck Institute
Yasemin Acar's research focuses on human factors in computer security, investigating how to implement secure software development practices. It has shown that working with developers on these issues can resolve problems before they ever affect end users.
Presentation topics:
Reasons why humans fail to secure software
How can we make secure programming easier?
Takeaways from research for practice
All 2021 Speakers
At the end of FuzzCon - Automotive Edition, all speakers joined for a panel discussion about automotive software security with a special focus on fuzzing.
Rakshith Amarnath
R&D Project Lead.
Bosch
Victor Marginean
Presales Worldwide Director,
Argus Cyber Security Ltd.
Thomas Wollinger
CEO,
Escrypt
Yasemin Acar
Research Group Leader, Max Planck
Institue for Security and Privacy
What will you learn from FuzzCon Europe - Automotive Edition?
How to Comply With New Industry Standards
New regulations require extended security tests and propose automated fuzz testing as a complementary approach to penetration testing (UNECE WP.29, ISO 21434). This conference will provide developers with best practices and use cases on how to implement those standards.
How to Avoid False Positives
Software Composition Analysis (SCA) and Static Application Security Testing (SAST) are widely used in automotive software security. These methods automate the testing processes to a degree, but they also put out many false positives, which are highly time-consuming. This conference will explore best practices and use cases on how to scale your security testing efforts, without false positives.
How to Deal with Growing Dependencies
Automotive software systems tend to have many dependencies, which makes them particularly difficult to secure. Existing testing approaches, such as Manual Testing and Static Analysis, often do not provide sufficient security to cope with the complexity of these applications.
At this conference, you will learn best practices and use cases on how to cope with this complexity through automation.
How to Implement Fuzz Testing for Automotives
ISO 21434 and UNECE WP.29 recommend OEMs integrate feedback-based fuzz testing into their DevOps processes and define new requirements for software security engineering. You will learn how you can directly implement fuzz testing in automotive software.
FAQs
What is Fuzzing?
"Fuzzing" or "fuzz testing" is currently the most effective testing approach to automatically detect security and stability issues in software. It involves providing invalid, unexpected, or random data as inputs to a computer program.
Modern fuzzing engines (such as AFL++, or Jazzer) do not just use random inputs, but smart algorithms tailoring the input to increase the amount of code which is tested/covered by the fuzzer.
When did FuzzCon Europe - Automotive Edition Take Place?
The most recent conference took place on Thursday, November 17th 2022
What event platform was used for the online event?
FuzzCon Automotive was streamed LIVE on our site, and on LinkedIn.
Was the event be recorded?
Yes! Every session was recorded. All recordings are freely available on our site.
I have more questions. How can I contact the conference team?
Ask us anything! You can contact the team anytime via email at info@fuzzcon.eu