A Practical Guide to Fuzz Testing Embedded Software in a CI Pipeline - Dennis Kengo Oka - Ekoparty 2021: Hardware Hacking Space

Explore a practical guide to implementing fuzz testing for embedded software in continuous integration pipelines through this 30-minute conference talk from Ekoparty 2021's Hardware Hacking Space. Learn how to identify target communication protocols, define effective fuzz testing strategies, and execute continuous fuzz testing using the Zephyr Project RTOS as an example. Gain insights into automotive cybersecurity trends, the importance of fuzz testing in detecting unknown vulnerabilities, and step-by-step instructions for integrating fuzz testing into CI pipelines. Discover techniques for prioritizing test targets, managing test results, preparing fuzz test environments, and configuring Jenkins pipelines. Presented by Dr. Dennis Kengo Oka, an automotive cybersecurity expert with over 15 years of industry experience, this talk provides valuable knowledge for enhancing cybersecurity practices in automotive software development.

Introduction
Agenda
Automotive trends
Cyber security
fuzzed messages
fuzz testing in a CI pipeline
strategies for fuzz testing
when to test
how to test
practical steps
zephyr
ci pipeline
ci pipeline example
target system
prioritize test targets
fuzz testing strategies
Detecting exceptions
Managing test results
Fuzz testing environment
Preparing the fuzz test environment
Preparing the native Posix networking environment
Configuring the file testing tool
Configuring the Jenkins pipeline
Call to Action