|Conference:||Verification Futures 2017|
|Speaker:||Richard Storer (Senior Security Consultant), MathEmbedded Ltd|
|Presentation Title:||Finding Security Vulnerabilities by Fuzzing and Dynamic Code Analysis|
|Abstract:||Fuzzing, stressing a program with random input, has been a useful black-box testing technique since 1989.|
More recent fuzzers use white-box code coverage or symbolic execution techniques to discover how random changes in input affect the program's control flow. When combined with dynamic code analysis, this approach is particularly good at finding the memory access errors (buffer overflow, null pointer dereference, etc.) that are frequent causes of security vulnerabilities.
In this talk we examine why this approach is so powerful and provide some tips for using it effectively.|
|Speaker Bio:||Richard Storer has been developing and managing embedded software projects for over 20 years. He now specialises in security analysis of embedded systems and security training for software engineers and architects for MathEmbedded Ltd, a leading consultancy in embedded software security. Recent customers include consumer electronics, automotive, white goods and silicon manufacturers. Richard has a PhD in Electronic Engineering from Bristol University.|