Security Testing (Fuzzing) with Blackbox, Greybox and Whitebox Techniques

Speaker:  Yang Liu – Singapore, Singapore
Topic(s):  Software Engineering and Programming

Abstract

Security testing (a.k.a. fuzzing) has recently become a popular technique for hunting vulnerabilities. But there is still a long way to go before it is more effective and directly applicable in real projects. In this talk, we explore different techniques to improve security testing, moving from the blackbox approach to the greybox approach to the whitebox approach. To further improve guided fuzzing, we explore the possibility of combining static analysis and deep learning with fuzzing in various scenarios. Lastly, we demonstrate some possible ideas for developing vulnerability-type-specific fuzzing solutions for resource-related vulnerabilities and use-after-free vulnerabilities. Most of these techniques are based on AFL and variations of AFL for implementation and experiments. We go one step further and build an effective binary fuzzer to support the fuzzing of pure C/C++ binaries running on different platforms and architectures. This talk highlights the challenges and future directions in security testing.

About this Lecture

Number of Slides:  60
Duration:  45 minutes
Languages Available:  Chinese (Simplified), English
