
Program 2022 - Live on November 17th

4:00 PM - 4:15 PM (CET)
Juliana Rouhana
Code Intelligence

Welcome and Introduction

A general welcome and introduction to the conference for all attendees.

4:15 PM - 4:30 PM (CET)
Sergej Dechand
Code Intelligence

Current challenges of Testing Automotive Software

From new industry standards to dealing with false positives and growing dependencies within automotive software systems, Sergej will detail the current challenges of keeping automotive software secure. 

 

4:30 PM - 5:00 PM (CET)
Andreas Weichslgartner
CARIAD

Historical Vulnerabilities in the Automotive Space: Common Classes of Bugs Present in Embedded Software

In this talk, Andreas will show how contemporary software engineering can help to write more secure code and detect vulnerabilities as early as during development.

He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software. 

Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues. 

In addition, he will examine current trends towards more secure and safe programming languages eliminating the shown bug classes in the future.

5:00 PM - 5:30 PM (CET)
Li Yuekang & Dr. Sheikh Mahbub Habib
NTU Singapore & Continental

Bridging the Gaps of Grey-box Fuzzing from an Industry-Research Perspective

Software testing typically requires these three steps:

1. test case generation

2. target program execution 

3. execution feedback analysis.

Researchers have been focusing on improving the test case generation and execution feedback analysis while the topic of target program execution is under-studied, because executing the target program seems to be an easy task.

However, through industry practice, we find that target program execution can be challenging for libraries or IoT software.

Therefore, we propose two techniques for emulation-based fuzzing on IoT software and automated fuzz driver generation.

We have implemented prototypes for these techniques and used them to find dozens of vulnerabilities in open-source libraries and routers.

5:30 PM - 6:00 PM (CET)
Nico Vinzenz
ZF Group

Integrating Fuzz Testing into an Automotive Cybersecurity Test Strategy

Fuzz testing has proven itself as a powerful approach for finding previously undiscovered vulnerabilities and robustness issues.

However, while the fuzz testing tool is key, the timing and scope of its application during development are crucial as well.

This talk addresses these pain points and explains how fuzz testing can be beneficial when integrated early and systematically at every stage of the product development process.

6:00 PM - 6:30 PM (CET)
René Palige & Rosemary Joshy
Continental

Fuzzing beyond Cybersecurity

In their talk, René and Rosemary will share some insights on how they utilized fuzzing to improve overall software quality and how this can be integrated into existing verification and validation processes.

They will further describe some of their experiences while applying coverage-guided fuzzing in ongoing automotive projects, what challenges they faced and how they overcame them.

6:30 PM - 7:00 PM (CET)
Michal Frenkel & Victor Marginean
Argus Cyber Security Ltd.

How to Improve Automotive Security

Michal and Victor will speak about the importance of end-to-end security verification, including fuzzing on SW and real interfaces.

They will present how this can be integrated as a pillar of CI/CD and how it can also be monitored from the Vehicle Security Operations Centers used by OEMs.

Speakers - 2022 

Andreas Weichslgartner
Senior Technical Security Engineer,
CARIAD

Nico Vinzenz
Cybersecurity Expert,
ZF Group

René Palige
Expert Automotive Software Cyber Security, Continental

Rosemary Joshy
Head of Global SQ Strategy, Innovation and Business Improvement, Continental

Michal Frenkel
VP Products & Strategy,
Argus Cyber Security Ltd.

Victor Marginean
Presales Worldwide Director,
Argus Cyber Security Ltd.

Yuekang Li
Research Assistant Professor, 
NTU Singapore

Dr. Sheikh Mahbub Habib
Head of Growth Field "Security & Privacy", Continental


About FuzzCon Europe - Automotive Edition

FuzzCon Europe - Automotive Edition brings together leading developers, DevOps engineers, and security experts from the automotive industry to engage in coding sessions focused on real use cases and challenges, to learn from experienced developers who will share their best practices on securing automotive software, and to connect with like-minded developers.

Join the discussion and learn...

- How to Comply With New Industry Standards
- How to Deal with Growing Complexity in Automotive Software
- How to Improve Security Testing for Automotive Software


What will you learn during FuzzCon Europe - Automotive Edition?

How to Comply With New Industry Standards

New regulations require extended security tests and propose automated fuzz testing as a complementary approach to penetration testing (UNECE WP.29, ISO 21434). This conference will provide developers with best practices and use cases on how to implement those standards.

How to Avoid False Positives

Software Composition Analysis (SCA) and Static Application Security Testing (SAST) are widely used in automotive software security. These methods automate the testing processes to a degree, but they also produce many false positives, which are highly time-consuming to triage. This conference will explore best practices and use cases on how to scale your security testing efforts, without false positives.

How to Deal with Growing Dependencies 

Automotive software systems tend to have many dependencies, which makes them particularly difficult to secure. Existing testing approaches, such as Manual Testing and Static Analysis, often do not provide sufficient security to cope with the complexity of these applications.

At this conference, you will learn best practices and use cases on how to cope with this complexity through automation.

How to Implement Fuzz Testing for Automotives

ISO 21434 and UNECE WP.29 recommend OEMs integrate feedback-based fuzz testing into their DevOps processes and define new requirements for software security engineering. You will learn how you can directly implement fuzz testing in automotive software.

FAQs

What is Fuzzing?

"Fuzzing" or "fuzz testing" is currently the most effective testing approach to automatically detect security and stability issues in software. It involves providing invalid, unexpected, or random data as inputs to a computer program. 

Modern fuzzing engines (such as AFL++ or Jazzer) do not just use random inputs, but use smart algorithms that tailor the input to increase the amount of code that is tested (covered) by the fuzzer.

When Will FuzzCon Automotive Take Place?

Thursday, November 17th 2022, starting at 16:00 CEST

What event platform will be used for the online event?

FuzzCon Automotive will be streamed LIVE on our site and on LinkedIn.

Will the event be recorded?

Yes! Every session will be recorded. Just sign up, and we will provide you with the recordings after the conference.

I live in a different time-zone. Can I still participate?

We welcome attendees from all time zones! However, if the timing is not accessible for you, you are welcome to download the recordings and reach out to us with any questions you might have.

I have more questions. How can I contact the conference team?

Ask us anything! You can contact the team anytime via email at info@fuzzcon.eu
