By
Noam Rathaus, Co-founder and CTO, Beyond Security, Israel, Microsoft Events Insider
Gadi Evron, Former Internet Security Operations Manager for the Israeli government, Founder of the Israeli government's Computer Emergency Response Team
Description
Fuzzing is often described as a “black box” software testing technique. It works by automatically feeding a program multiple input iterations
in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative
of the existence of a security vulnerability, which can later be researched and fixed.
Fuzz testing is now making a transition from
a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different
ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing;
when is enough enough? These issues and many others are fully explored.
Audience:
Security professionals of all levels and IT professionals involved in the software development process.
