| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
The process of fuzzing has changed, from multation, to frameworks, to the constraint solving (CS) and genetic algorithms (GA) of today. While pre-written suites and custom one-offs can be great, GAs (AFL/Clusterfuzz) and CS (Sage/MSRD) often do the best - and we?ll drop serious vulns in this talk to prove it. These tools are paired best with scale - fuzzing-as-a-service (FaaS). It?s time to exposure your code before attackers do. But it?s still not a perfectly simple endeavor. We will explain harnesses; how to pick seeds; which portions of the app to target, CI/CD, and much more. We?ll look at an exciting, new DAST tool: microsoftsecurityriskdetection.com. From there we?ll teach you how to turn the bugs into fixes, or exploits. Excitingly, you?ll learn how to write 0day from results.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast