DATA MINER: Jaanus Kääp - Automated fuzz testing of closed source applications based on the code cov, DATA MINER: TestCon Vilnius 2016 HD
00:36:01
Обнаружено блокирование рекламы на сайте
Для существования нашего сайта необходим показ рекламы. Просим отнестись с пониманием и добавить сайт в список исключений вашей программы для блокировки рекламы (AdBlock и другие).
DATA MINER 239 роликов
94 просмотра на сайте 12n.ru
Jaanus Kääp - Automated fuzz testing of closed source applications based on the code cov.
TestCon Vilnius 2016. Software Testing & QA Conference. October 21, 2016 | Automated fuzz testing of closed source applications based on the code coverage (corpus distillation)With constantly improving development environments and software, it should become harder and harder to find new security issues without diving very deep into the implementation or inventing new fuzzing techniques. But reality is not reflecting this assumption. With zero knowledge of the protocol/format, the attacker can often find new issues by simple method like bit flipping combined with smart file selection. And this works even against largest vendors!That simple method was used by the author of this talk, to find tens of vulnerabilities in many document readers (by vendors like Adobe, Apple, Microsoft etc) without any knowledge in file formats themselves and minimal resources. The talk focuses on the method and the tool development for such vulnerability research.
развернуть свернуть