Menu

This was FuzzCon Europe - WebSecurity Edition

FuzzCon Europe - WebSecurity Edition was a full success. We were happy to welcome over 500 participants online. In case you missed the event or you want to rewatch certain talks, you can find the recordings of each presentation below. 


Simon Bennetts - Project Lead, StackHawk (OWASP ZAP)

Why Fuzzing Web Applications Is Hard

Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk. His philosophy is that you cannot build web applications without knowing how to attack them.

Presentation topics:

  • Why fuzzing is underused in web development
  • Differences between fuzzing and scanning
  • Challenges of fuzzing web applications

Marina Polishchuk - Research Software
Engineer, Microsoft Research (RESTler)

Stateful REST API Fuzzing with RESTler

Marina Polishchuk is passionate about systematically testing complex software. She is currently working at Microsoft Research on the problem of how to find security and reliability bugs in cloud services through fuzzing their REST APIs.

Presentation topics:

  • Why it is so important to fuzz REST APIs
  • What kind of bugs can be discovered through the REST API?
  • Testing large services with RESTler

Abhishek Arya - Principal Software Engineer, Google (OSS-Fuzz) & Fabian Meumertzheim - Senior Software Engineer, Code Intelligence (Jazzer)

OSS-Fuzz: Fuzzing Everything

Together with his team, Abhishek Arya launched OSS-Fuzz back in 2016. Since then, it has found over 1200 vulnerabilities. Fabian Meumertzheim, was one of the leading engineers behind Jazzer, Code Intelligence’s open-source fuzzer for JVM-based languages, which has recently been integrated into OSS-Fuzz. 

Presentation topics:

  • Why fuzzing memory-safe languages is so good at finding misbehaviours and crashes
  • Integrating Jazzer into OSS-Fuzz
  • Use Case: finding a CVE in a json sanitizer


Khaled Yakdan - CTO, Code Intelligence (Jazzer)

Coverage-Guided Fuzzing for Web Applications

As CTO of Code Intelligence, Khaled Yakdan drives the customer-oriented development of the CI Fuzz testing platform. As a malware analyst, he is an expert in binary code analysis with over 7 years of experience in reverse engineering and penetration testing.

Presentation topics:

  • Benefits of coverage-guided fuzzing
  • Making coverage-guided fuzzing available for everyone
  • Set-up and instrumentation for web applications

All Speakers

Moderator - Boris Paskalev, Head of Product, Snyk

Panel Discussion: Fuzzing for Web Applications

At the end of FuzzCon Europe - WebSecurity Edition, all speakers came together for a panel discussion about web security with a special focus on fuzzing. The discussion was moderated by Snyk's Boris Paskalev.

 

 

Jazzer_einfach1
Fuzz Testing for JVM is now Open Source

Check out Jazzer!

At Code Intelligence, we have already fixed thousands of bugs with our fuzzing engine for the JVM. Now its core is available to the community. We are excited to announce the open source launch of Jazzer.