The many faces of fuzzing

Session: Security testing and validation, Wed., Sep. 16, 14:45 - 15:15

Fuzzing techniques have been in use for many years as a method to find application bugs. The fuzzing concept has evolved from single random input generation tools to large and complex vulnerability discovery platforms. Nowadays, fuzzing is a fundamental method for security testing of applications, network protocols and structured data parsers. However, due to its own shortcomings, fuzzing methodology is still subject to active research by specialists in the security and testing communities. 

Due to many variations of fuzzing, it is important to know which approach is best to use for a specific target. In my talk, I will discuss various approaches together with their strengths and weaknesses.

About Radek Domanski
Radek Domanski works at Huawei Technologies in the European Research Center in Munich. His research involves methods and techniques that can improve quality of product security testing. He has many years of hands-on experience of security testing focusing on practical security attacks scenarios, especially in the telecom environments. His personal interests include fuzzing, reverse engineering, applications exploitation and systems security.