SlideShare a Scribd company logo

DS3 Fuzzing Panel (M. Boehme)

M
mboehme

The document discusses fuzzing, which is a technique for finding bugs in software by automatically feeding unexpected or random inputs to programs. It focuses on improving the scalability, efficiency, and effectiveness of fuzzing to discover more bugs. The author is an expert in software security and fuzzing who is interested in addressing fundamental limitations like the exponential cost of fuzzing and providing stronger assurances about software security through approaches from multiple disciplines.

Software
1 of 6
Download to read offline
1
2
3
4
5
6
whoami Proving absence of bugs. Showing presence of bugs. Maximising Fuzzing Effectiveness & Efficiency More Challenges in Fuzzing Fundamental Limitation: Exponential Cost Assurances in Software Security Future Directions • Fuzzing for Automatic Vulnerability Discovery • Making machines attack other machines. • Focus on scalability, efficiency, and effectiveness. • Foundations of Software Security • Assurances in Software Security • Fundamental limitations of existing approaches • Drawing from multiple disciplines (information theory, biostatistics) whoami Marcel Böhme ARC DECRA Fellow Senior Lecturer (A/Prof) Monash University, Australia
fuzzing more in The Fuzzing Book @ fuzzingbook.org
efficiency
scalability 1 2 4 8 16 32 64 128 256 512 machines new bugs 1 2 3 4 5 6 7 8 9 24 hrs
continuous fuzzing
when to stop?

More Related Content

PDF
Foundations Of Software Testing
mboehme
 
PDF
Fuzzing: Challenges and Reflections
mboehme
 
PDF
The Curious Case of Fuzzing for Automated Software Testing
mboehme
 
PDF
Ensuring Security through Continuous Testing
TechWell
 
PDF
Security vulnerabilities for grown ups - GOTOcon 2012
Vitaly Osipov
 
PDF
Sigma Open Tech Week: Bitter Truth About Software Security
Vlad Styran
 
PPTX
2014 abic-talk
c.titus.brown
 
PDF
A taste of Exploratory Testing
Anne-Marie Charrett
 
Foundations Of Software Testing
mboehme
 
Fuzzing: Challenges and Reflections
mboehme
 
The Curious Case of Fuzzing for Automated Software Testing
mboehme
 
Ensuring Security through Continuous Testing
TechWell
 
Security vulnerabilities for grown ups - GOTOcon 2012
Vitaly Osipov
 
Sigma Open Tech Week: Bitter Truth About Software Security
Vlad Styran
 
2014 abic-talk
c.titus.brown
 
A taste of Exploratory Testing
Anne-Marie Charrett
 

Similar to DS3 Fuzzing Panel (M. Boehme) (20)

PPT
Fuzzing101 - webinar on Fuzzing Performance
Codenomicon
 
PPTX
Fault Models and Fuzzing
Shmuel Gershon
 
PPT
Fuzzing 101 Webinar on Zero Day Management
Codenomicon
 
PPT
Perform fuzz on appplications web interface
IndicThreads
 
PPTX
Fuzzing101: Unknown vulnerability management for Telecommunications
Codenomicon
 
PDF
Fighting Software Inefficiency Through Automated Bug Detection
Md E. Haque
 
PDF
Масштабируемый и эффективный фаззинг Google Chrome
Positive Hack Days
 
PDF
Fuzzing underestimated method of finding hidden bugs
Pawel Rzepa
 
PDF
Shorter Version of BbWorld 09 Forensics Presentation
Steve Feldman
 
PDF
Increasing DevSecOps Maturity Level in 2021
Alexandre Rebert
 
PDF
Az4301280282
IJERA Editor
 
PDF
bug-advocacy
KALYAN Chakravarthy
 
PDF
0-knowledge fuzzing white paper
zynamics GmbH
 
PDF
0-knowledge fuzzing white paper
Vincenzo Iozzo
 
PPTX
Blaze Information Security: Slaying bugs and improving software security thro...
Blaze Information Security
 
PPT
msutton-fuzzing.ppt
kzyra
 
PDF
FUZZING & SOFTWARE SECURITY TESTING
MuH4f1Z
 
PDF
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Codemotion
 
PPTX
How to fix bug or defects in software
Rajasekar Subramanian
 
PDF
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
OWASP
 
Fuzzing101 - webinar on Fuzzing Performance
Codenomicon
 
Fault Models and Fuzzing
Shmuel Gershon
 
Fuzzing 101 Webinar on Zero Day Management
Codenomicon
 
Perform fuzz on appplications web interface
IndicThreads
 
Fuzzing101: Unknown vulnerability management for Telecommunications
Codenomicon
 
Fighting Software Inefficiency Through Automated Bug Detection
Md E. Haque
 
Масштабируемый и эффективный фаззинг Google Chrome
Positive Hack Days
 
Fuzzing underestimated method of finding hidden bugs
Pawel Rzepa
 
Shorter Version of BbWorld 09 Forensics Presentation
Steve Feldman
 
Increasing DevSecOps Maturity Level in 2021
Alexandre Rebert
 
Az4301280282
IJERA Editor
 
bug-advocacy
KALYAN Chakravarthy
 
0-knowledge fuzzing white paper
zynamics GmbH
 
0-knowledge fuzzing white paper
Vincenzo Iozzo
 
Blaze Information Security: Slaying bugs and improving software security thro...
Blaze Information Security
 
msutton-fuzzing.ppt
kzyra
 
FUZZING & SOFTWARE SECURITY TESTING
MuH4f1Z
 
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Codemotion
 
How to fix bug or defects in software
Rajasekar Subramanian
 
[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs
OWASP
 
Ad

More from mboehme (9)

PDF
[Keynote @ RAID'24] How to solve cybersecurity once and for all
mboehme
 
PDF
An Implementation of Preregistration
mboehme
 
PDF
On the Reliability of Coverage-based Fuzzer Benchmarking
mboehme
 
PDF
Statistical Reasoning About Programs
mboehme
 
PDF
On the Surprising Efficiency and Exponential Cost of Fuzzing
mboehme
 
PDF
Fuzzing: On the Exponential Cost of Vulnerability Discovery
mboehme
 
PDF
Boosting Fuzzer Efficiency: An Information Theoretic Perspective
mboehme
 
PDF
AFLGo: Directed Greybox Fuzzing
mboehme
 
KEY
NUS SoC Graduate Outreach @ TU Dresden
mboehme
 
[Keynote @ RAID'24] How to solve cybersecurity once and for all
mboehme
 
An Implementation of Preregistration
mboehme
 
On the Reliability of Coverage-based Fuzzer Benchmarking
mboehme
 
Statistical Reasoning About Programs
mboehme
 
On the Surprising Efficiency and Exponential Cost of Fuzzing
mboehme
 
Fuzzing: On the Exponential Cost of Vulnerability Discovery
mboehme
 
Boosting Fuzzer Efficiency: An Information Theoretic Perspective
mboehme
 
AFLGo: Directed Greybox Fuzzing
mboehme
 
NUS SoC Graduate Outreach @ TU Dresden
mboehme
 
Ad

Recently uploaded (20)

PDF
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
PDF
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PDF
AutoCAD Professional Crack 2025 With License Key
youngle786g
 
PPTX
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
PDF
Tally Prime Crack Download New Version 5.1 [2025] (License Key Free
itskinga12
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PDF
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
PDF
iTop VPN 6.5.0 Crack + License Key 2025 (Premium Version)
youngle786g
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PPTX
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
PDF
CapCut Video Editor 6.8.1 Crack for PC Latest Download (Fully Activated) 2025
itskinga12
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
Website Design Services for Small Businesses.pdf
ecomme9
 
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
assetexplorer- product-overview - presentation
nonameist3434
 
AutoCAD Professional Crack 2025 With License Key
youngle786g
 
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
Tally Prime Crack Download New Version 5.1 [2025] (License Key Free
itskinga12
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
iTop VPN 6.5.0 Crack + License Key 2025 (Premium Version)
youngle786g
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
CapCut Video Editor 6.8.1 Crack for PC Latest Download (Fully Activated) 2025
itskinga12
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Website Design Services for Small Businesses.pdf
ecomme9
 

DS3 Fuzzing Panel (M. Boehme)

  • 1. whoami Proving absence of bugs. Showing presence of bugs. Maximising Fuzzing Effectiveness & Efficiency More Challenges in Fuzzing Fundamental Limitation: Exponential Cost Assurances in Software Security Future Directions • Fuzzing for Automatic Vulnerability Discovery • Making machines attack other machines. • Focus on scalability, efficiency, and effectiveness. • Foundations of Software Security • Assurances in Software Security • Fundamental limitations of existing approaches • Drawing from multiple disciplines (information theory, biostatistics) whoami Marcel Böhme ARC DECRA Fellow Senior Lecturer (A/Prof) Monash University, Australia
  • 2. fuzzing more in The Fuzzing Book @ fuzzingbook.org
  • 4. scalability 1 2 4 8 16 32 64 128 256 512 machines new bugs 1 2 3 4 5 6 7 8 9 24 hrs