Evaluating Fuzz Testing
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore the critical aspects of evaluating fuzz testing techniques in this 26-minute ACM conference talk. Delve into the general fuzzing algorithm and learn how to assess the effectiveness of new fuzzers through proper experimental setups. Discover the importance of performing multiple trials, understanding high variance, selecting appropriate seed files, and determining optimal fuzzing durations. Examine benchmark programs, methods for assessing fuzzer effectiveness, and techniques for identifying true bugs. Gain insights into using history for root cause analysis, interpreting stack hashes, and analyzing control flow when triggering bugs. Consider the potential for developing a standardized fuzzing benchmark to enhance comparability and reliability in fuzzing research.
Syllabus
Intro
What is fuzzing?
General fuzzing algorithm
Evaluating your new fuzzer
Performing multiple trials
High variance is real
Choice of seed file used
Timeouts: how long to fuzz?
Benchmark programs
Assessing fuzzer effectiveness
Using history to find root causes
True bugs found per run
Stack hashes
Program crashes here
Control flow when triggering bug
A fuzzing benchmark?
Taught by
Association for Computing Machinery (ACM)
Related Courses
O'Dea Assertions Untwining the Security of the SAML Protocolnullcon via YouTube Fuzz Smarter, Not Harder - An AFL-Fuzz Primer
Security BSides San Francisco via YouTube A Practical Guide to Fuzz Testing Embedded Software in a CI Pipeline - Dennis Kengo Oka - Ekoparty 2021: Hardware Hacking Space
Ekoparty Security Conference via YouTube Google Reimagined a Phone - It Was Our Job to Red Team and Secure It
Black Hat via YouTube The Next Generation of Windows Exploitation - Attacking the Common Log File System
Black Hat via YouTube