The state of fuzzing in open source software
who: Douglas Bagnall
when: Sat, 13 Nov 2021 14:45:00 +1300
where: The Michael Fowler Centre
Fuzzing means giving software random input to see what makes it crash. But piping /dev/urandom into stdin won’t get you very far into your programs routines for parsing structured data (particularly if it doesn’t listen on stdin). Modern fuzzing involves writing specific functions to exercise interesting parts of your software (a bit like unit tests), and attacking them with input that evolves to find its way into all the nooks and crannies. This talk in a practitioner’s introduction to coverage guided fuzzing, and shows some tricks you can use to fuzz software that doesn’t seem like it was written to be fuzzed.
Douglas Bagnall is an artist, hacker, and software developer.