CppCon 2017: Kostya Serebryany “Fuzz or lose...”

Fuzz or lose: why and how to make fuzzing a standard practice for C++
Fuzzing is a family of testing techniques in which test inputs are generated semi-randomly. The memory unsafety of C++ has made fuzzing a popular tool among security researchers. Fuzzing also helps with stability, performance, and equivalence testing; and it’s a great addition to everyone’s CI.
Our team has launched OSS-Fuzz, Google's continuous fuzzing service for open source software, and a similar service for our internal C++ developers. Over 1000 C++ APIs are being fuzzed automatically 24/7, and thousands of bugs have been found and fixed.
Now we want to share this experience with the wider C++ community and make fuzzing a part of everyone’s toolbox, alongside unit tests. We will demonstrate how you can fuzz your C++ library with minimal effort, discuss fuzzing of highly structured inputs, and speculate on potential fuzzing-related improvements to C++.
—
Kostya Serebryany: Google, Software Engineer