Fuzz Off: How to Shake Up Code to Get It Right – Podcast

2021-08-10 14:43

Black Hat wasn't the only game in town last week: FuzzCon threw a bunch of software security experts and industry leaders into a black box and shook them up to see what fuzzing - an emerging trend in continuous software testing that automates white-hat hacking - is all about.

Fuzzing is an elite tool, so it makes sense that its use to discover Heartbleed - one of many bugs uncovered with fuzzing - was discovered and confirmed by elite code testers: Google's Neel Mehta discovered the vulnerability, while the Finnish company Codenomicon confirmed it.

Anmol Misra: The things that I would lay out for people who are building fuzzing programs for the first time is make sure you understand why you are doing fuzzing, because you're doing it for code coverage.

This place in the testing is where I've seen first time programs falter, or people who are new to fuzzing not taking that into account right off the bat.

Before you put this in place, you think through, you know what, you're going to show to developers, for example, how many, you know, when the fuzzing testing ends, how many issues did you find what they're critical and how do they stack it? Stack rank against other types of testing we have done.

Damilare D. Fagbemi: Even the name fuzzing: What is fuzzing? We're simply supplying a lot of inputs - many times, bad inputs - to an interface of a software company, to see how it performs on the test.

News URL

https://threatpost.com/fuzz-off-how-to-shake-up-code-to-get-it-right-podcast/168487/

#podcast