PPT-Fuzzing Suman Jana *Acknowledgements:

Dawn Song Kostya Serebryany Peter Collingbourne Techniques for bug finding Automatic test case generation Lower coverage Lower false positives Higher false negatives Fuzzing . Cows. The “No Bull” Talk on Fuzzing. Security B-Sides Ottawa. November 13, 2010. Mike Sues (Rigel Kent). Karim Nathoo (Inverse Labs). Objectives. We can’t cover fuzzing in-depth in 50 minutes. Raise awareness of fuzzing as an option in higher assurance/product evaluations/more focused assessments. By. . Nikolaj . Tolka. čio. v. Agenda. What is web application fuzz testing. Introduction to “Fuzzing Machine”. What results it produces. Youtube. setup in “Fuzzing Machine” . How it can be used in other projects. Dawn Song, . Kostya. . Serebryany. ,. Peter . Collingbourne. . Techniques for bug finding. Automatic test case generation. Lower coverage . Lower false positives . Higher false negatives. Fuzzing . Narayanan. Vitaly. Shmatikov. Protecting User Privacy from Perceptual Applications . 2. What does this all mean for a. security & privacy researcher?. The Future of Computing?. They Are Watching…. Dynamic Taint Analysis. Track information flow through a program at runtime. Identify sources of taint – . “. TaintSeed. ”. What are you tracking?. Untrusted input. Sensitive data. Taint Policy – . Adopted From U Penn . CIS 570: Modern Programming Language Implementation (Autumn 2006). Data flow analysis. D. erives . information about . the. . dynamic. . behavior . of a . program . by . only examining . John . Heasman. Stanford University, April 2009. Agenda. Introductions. What is . fuzzing. ?. What data can be fuzzed?. What does fuzzed data look like?. When (not) to fuzz?. Two approaches and a basic methodology. Software Vulnerability Detection. . Tielei . Wang. 1,2. , Tao Wei. 1,2. , Guofei Gu. 3. , Wei . Zou. 1,2. 1. Key Laboratory of Network and Software Security Assurance . (. Peking University), . Ministry . including Merck, Pharmacia, and Pfizer. She has been with Bristol - Mye rs Squibb for the past 9 years. Jana has a Bachelor’s degree in Chemistry/Biochemistry, and started in the industry as a for Jana Rosenmann was named Head of Unmanned Aerial Systems (UAS) program me line in March 2017. In this position she is operationally responsible for UAS program me s in Airbus Defence and Spa za first last  one, Saturday]  seven, last day juma; wiki [week] Jumatatu [Tuesday] [Thursday] [Friday] [Saturday] Zingatia [note] juzi [day before yesterday] jana [today] [tomorrow] on 20/20, Entertainment Tonight, Oprah, the nationwide. Her compositions are sung by Reba McEntire, rmers ranging from Kenny Loggins to The Dixie Chicks. Keynote Concerts, Inc. is the name of Ja By establishing the Jana L. Edge Endowed International Transcultural Nursing Scholarship, Jana will assist nursing students to have the opportunity to travel internationally, and thereby see nursing f *some slides are borrowed from . Baishakhi. Ray and . Ras. . Bodik. Our Goal. Program . Analyzer . Source code. Security bugs. Program analyzer must be able to understand program properties. (e.g., can a variable be NULL at a particular program point? ).