Name
G1. The Aftermath of a Fuzz Run: What to Do About Those Crashes?
Date & Time
Thursday, May 11, 2017, 2:00 PM - 3:00 PM
David Moore
Description
Session Description:
 
Fuzzing is a highly effective means of finding security vulnerabilities, and new, easy-to-use and highly effective fuzzers such as American Fuzzy Lop and libFuzzer have driven its increased popularity. Once a fuzz run has found cases that crash the target application, each must be reduced and triaged, and its root cause found, to enable a fix. In this presentation, David Moore will describe tools, tactics and techniques for performing post-fuzz-run analysis on the resulting crashes with the goal of fixing the vulnerabilities.

Location Name
Room 703
Full Address
Colorado Convention Center
700 14th Street
Denver, CO 80202
United States
Category
AppSec
Learner Objectives
After completing this session, learners will:
  • Understand the various types of memory corruption bugs
  • Be able to describe what it means for a bug to be 'exploitable'
  • Be familiar with the most effective crash analysis tools
  • Have a workflow for triaging and debugging crashes found by fuzzers
 
Speaker Bio(s)
David Moore is founder and CEO of Fuzz Stati0n. He has been involved in software development and security for the past 20 years, working with NeXT, Apple, Weblogic and Azul Systems. David's trophy case includes public recognition from Google, Twitter, Netflix, Linux, Ruby, Python, and PHP. Fuzz Stati0n was founded to improve security for everyone.