Fuzz Testing of Envoy - Ensuring Security and Correctness
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore fuzz testing techniques for Envoy in this 28-minute conference talk by Google engineers Adi Peleg and Teju Nareddy. Gain insights into ensuring the correctness and safety of Envoy parsers and state machines against untrusted or adversarial inputs. Learn about automated software testing methods that use randomized inputs to uncover complex edge cases and potential vulnerabilities. Discover various fuzzers used in Envoy, the OSS-Fuzz infrastructure, and real-world examples of bugs discovered through fuzz testing. Delve into the creation of specific fuzz tests for ESF components in Envoy, and understand the different levels of fuzzing, their tradeoffs, and the development workflow. Get an overview of what to fuzz in Envoy, who can write fuzz tests, and how the community can contribute to this crucial aspect of software security.
Syllabus
Intro
How does fuzzing work?
Fuzz Test Goals
Library Under Test
Fuzz Schema
Initial Corpus
Example Mutation
Development Workflow
What to Fuzz in Envoy?
Levels of Fuzzing in Envoy
Fuzzer Tradeoffs
Who Can Write Fuzz Tests?
Community Help
Future Work
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Evaluating Fuzz TestingAssociation for Computing Machinery (ACM) via YouTube O'Dea Assertions Untwining the Security of the SAML Protocol
nullcon via YouTube Fuzz Smarter, Not Harder - An AFL-Fuzz Primer
Security BSides San Francisco via YouTube A Practical Guide to Fuzz Testing Embedded Software in a CI Pipeline - Dennis Kengo Oka - Ekoparty 2021: Hardware Hacking Space
Ekoparty Security Conference via YouTube Google Reimagined a Phone - It Was Our Job to Red Team and Secure It
Black Hat via YouTube