Artech House authors are experts in their respective field, and Dr. Jared DeMott, an author of Fuzzing for Software Security Testing and Quality Assurance, Second Edition, is no exception. Read on for two presentation Dr. DeMott shared regarding next generation fuzzing tools:
Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory Corruption Exploits
Dr. Jared DeMott & John Stigerwalt
The process of fuzzing has changed, from multation, to frameworks, to the constraint solving (CS) and genetic algorithms (GA) of today. While pre-written suites and custom one-offs can be great, GAs (AFL/Clusterfuzz) and CS (Sage/MSRD) often do the best – and we?ll drop serious vulns in this talk to prove it. These tools are paired best with scale – fuzzing-as-a-service (FaaS). It?s time to exposure your code before attackers do. But it?s still not a perfectly simple endeavor. We will explain harnesses; how to pick seeds; which portions of the app to target, CI/CD, and much more. We?ll look at an exciting, new DAST tool: microsoftsecurityriskdetection.com.
To visit the full site, click here.
For more information or to order the book, click here.