Structured fuzzing for real-world projects

Speaker: Réka Nikolett Kovács

Audience level: Intermediate | Advanced


Many previous talks have shown how to fuzz-test trivial applications. This talk aims to demonstrate how to apply these techniques to real-world software projects whose components consume non-trivial data structures.

After a short introduction to fuzzing and dynamic code analysis, we'll see how these two can work together to uncover vulnerabilities. Then, starting from a simple example, we'll build our way up to generating structured inputs by mutating protocol buffers using LLVM's coverage-guided fuzzing engine.