Secure Software Development with Continuous and Collaborative Fuzzing
Abstract
Fuzzing is an automated security testing technique used by both hackers and security researchers to discover (zero-day) vulnerabilities in large real-world software systems. The term "fuzzing" was coined by Prof. Barton Miller in 1988, but it has recently received a lot of attention from both industry and academia, and much work has been done to make fuzzing much more effective and more efficient. This talk will cover both the basic concepts and the advanced research in fuzzing. The speaker will also explain how fuzzing can be deeply integrated into the software development process so that the software can be thoroughly and continuously tested from the first days of its life cycle. Some successful case studies and potential improvements will be discussed.

Speaker Bio: Thuan Pham (https://thuanpv.github.io/) is currently a Research Fellow at Monash University, working on scalable and high-performance fuzz testing to improve the reliability of software systems running on IoT devices, mobile devices, personal computers, and servers. Before joining Monash, he worked in the TSUNAMi research center (National University of Singapore), which focuses on software and system security. He received his Ph.D. degree in Computer Science from the National University of Singapore (NUS) in July 2017. His research has led to many papers published in premier journals and conferences (TSE, ICSE, CCS) as well as one US patent. He has developed several well-received security testing tools (e.g., AFLGo, AFLSmart, AFLNet) that have found 100+ (critical) vulnerabilities in large real-world software systems. His research has been covered in media channels like Theregister.co.uk and Securityweek.com.