The process of fuzzing has changed, from mutation, to frameworks, and now to constraint solvers and genetic algorithms. While pre-written suites and custom one-offs can be good, structured feedback fuzzers are the next generation of dynamic testing tools for native code. In this talk with Dr. Jared DeMott, we cover two of the very best in DAST: Mayhem and MSRD.
It's time to fix your code before attackers exploit it. Though these tools are straightforward to use, it's still not a simple endeavor. We will explain harnesses, how to pick seeds, which portions of the app to target, CI/CD, and more. Finally, we show some of the zero-day vulnerabilities we've been uncovering with these tools.
Dr. Jared DeMott is the Founder of VDA Labs, a full-scope cyber security company. DeMott previously served as a vulnerability analyst with the NSA. He holds a PhD from Michigan State University. He regularly speaks on cyber matters at conferences like RSA, DerbyCon, BlackHat, ToorCon, GrrCon, HITB, etc. He was a finalist in Microsoft’s BlueHat prize contest, which helped make Microsoft customers more secure. Dr. DeMott has been on three winning Defcon capture-the-flag teams, and has been an invited lecturer at prestigious institutions such as the United States Military Academy. Jared is also a Pluralsight author, and is often interviewed by the media to weigh in on cyber matters.