Java Fuzzing With Jazzer | New Features Simplify Fuzz Testing
Since Code Intelligence’s Java fuzzer “Jazzer” was open-sourced in February 2021, it has found over 200 bugs and vulnerabilities in popular open-source libraries such as jsoup, Jackson and Apache Commons. In this introduction, I want to highlight some of the features that Jazzer has gained since its initial release:
1) macOS and Windows support
2) Autofuzz – start fuzzing with just a .jar and a method name!
3) Bug detectors for certain high-severity vulnerability classes (e.g. unsafe deserialization/reflection)
Content
00:00 - Intro
00:54 - What is Jazzer?
01:58 - Requirements and features
05:05 - What bugs can you find with Jazzer?
08:11 - Write your own bug detectors
12:48 - Autofuzz helps you to set up fuzz tests
19:28 - More features
22:05 - Closing thoughts
Sources:
[1] About Jazzer
[2] What is Fuzz Testing?
[3] What Bugs Can You Find With Fuzzing?
[4] Link to Jazzer GitHub Repository (Open-Source)
[5] Fabian Meumertzheim on Twitter