Security Testing (Fuzzing) with Blackbox, Greybox and Whitebox TechniquesSpeaker: Yang Liu – Singapore, Singapore
Topic(s): Software Engineering and Programming
AbstractSecurity Testing (a.k.a. fuzzing) has recently become the popular technique in hunting for vulnerabilities. But to make it more effective and directly applied in real projects, there is still a long way to go. In this talk, we are exploring the different techqniues to improve security testing from using blackbox approach, to greybox approach, to whitebox approach. To further improve the guided fuzzing, we are exploring the possiblity to combine static analysis and deep learning with fuzzing in various scenario. Lastly, we also demonstrate some possible ideas to develop vulnerability type specific fuzzing solutions for resource-related vulnerabilities and Use-after-free vulnerabilities. Most of these techniques are based on AFL and variations of AFL for the implementation and experiment. We go one step further to build an effective binary fuzzer to support the fuzzing of pure C/C++ binaries running in different plantforms and architctures. This talk highlights the challenges and future directions in security testing.
About this LectureNumber of Slides: 60
Duration: 45 minutes
Languages Available: Chinese (Simplified), English
Request this Lecture
To request this particular lecture, please complete this online form.
Request a Tour
To request a tour with this speaker, please complete this online form.
All requests will be sent to ACM headquarters for review.