This course provides an introduction to fuzzing, a software testing technique used to identify security vulnerabilities, bugs, and unexpected behavior in programs. Participants will gain a thorough understanding of fuzzing, including its goals, techniques, and practical applications in software security testing. The course covers a wide range of topics, such as the fundamentals of fuzzing, its working process, and various categories like mutation-based, generation-based, and coverage-guided fuzzing.
Advanced topics include using Address Sanitizer (ASAN) for memory error detection and specialized instrumentation like PCGUARD and LTO mode. Real-world exercises feature CVE analysis in software like Xpdf, libexif, and tcpdump, providing hands-on experience in applying fuzzing techniques to uncover vulnerabilities.
By the end of the course, participants will be equipped with the knowledge and skills to effectively use fuzzing to improve software security.
Francesco is a security tester and vulnerability researcher at Siemens, his focus is on cloud-based IoT/OT systems. Before joining Siemens, he earned a PhD from the University of Modena and Reggio Emilia, where his research focused on automotive cybersecurity and lightweight cryptographic protocols for constrained devices.