About This Course
This course provides an introduction to fuzzing, a software testing technique used to identify security vulnerabilities, bugs, and unexpected behavior in programs. Participants will gain a thorough understanding of fuzzing, including its goals, techniques, and practical applications in software security testing. The course covers a wide range of topics, such as the fundamentals of fuzzing, its working process, and various categories like mutation-based, generation-based, and coverage-guided fuzzing.
Advanced topics include using Address Sanitizer (ASAN) for memory error detection and specialized instrumentation like PCGUARD and LTO mode. Real-world exercises feature CVE analysis in software like Xpdf, libexif, and tcpdump, providing hands-on experience in applying fuzzing techniques to uncover vulnerabilities.
By the end of the course, participants will be equipped with the knowledge and skills to effectively use fuzzing to improve software security.
Syllabus
- Introduction
- Fuzzing Introduction
- AFL Introduction
- Hands On
- Lab Setup
- The First Fuzzing
- Slicing
- Fuzzing Xpdf
- Advanced Instrumentation pt.1
- PCGUARD vs LTO
- Fuzzing libexif
- Advanced Instrumentation pt.2
- ASAN
- Fuzzing TCPdump
Requirements
- Basic knowledge of software development and programming (preferably in C/C++ or similar languages)
- Basic understanding of the C/C++ compilation process, as well as familiarity with tools like CMake, Make, and related build system
- Familiarity with software security concepts
- Access to a computer with Linux (or a Linux VM) for hands-on exercises
Ссылка: https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Fuzz1001_Intro_AFL+2025_v1/about
Последнее редактирование:
