Presentations - Fuzzinator, a browser fuzzing framework

  • Location: Security Dome
  • Speaker: Renáta Hodován
  • Date and time: 21. October 2016. 15:20 - 16:05

Fuzz or random testing is a kind of unconventional testing methology where the tests are not predefined, instead they are generated randomly according to various heuristics. Furthermore, contrary to traditional testing methods, it doesn't test for correctness, but it only looks for failures, this is why it's also called negative testing. Because of its randomness, it's able to generate such nasty test cases that a decent engineer would not even think of, unrevealing hidden - and in many cases, security related - issues.

This is why it's widely used among security researchers and is a vital part of many development lifecycles. In this talk, a freshly released browser fuzzing framework, named Fuzzinator, will be introduced which already revealed hundreds of bugs in popular web browsers like Google Chrome and Apple Safari. While going thorugh the features of the framework, the audience will get an insight how to write its own fuzzer either as a standalone tool as a plugin in Fuzzinator.


Sponsors:

Gold
Gold
Gold
Silver
Silver
Silver
Silver
Silver
Silver
Bronze
JOB
Technical