This event has passed.
Bindle: Automatic Harness Generation for Dynamic Testing
ITEA members will receive credit towards CPEs. If you are not currently a member, you will receive one complimentary webinar. After that, the cost to attend is $25. Non-members register at Lunch & Learn Registration. If you would like to become a member to receive free registrations to our monthly Lunch & Learns, please join today to start receiving your member benefits.
Fuzzing remains the most cost-effective technique for identifying software defects and vulnerabilities. However, using fuzzing tools is still largely the domain of cybersecurity experts. Arguably the biggest barrier to widespread use is that configuring fuzzing tools requires the generation of a “harness” – uniquely developed software to enable the fuzzer to send random (or mutated) inputs to the tested application. A realistic application requires more than one input, likely of different input types (file, network, etc.), while fuzzers are usually only able to generate a single ‘blob’ of bytes. Currently, writing a harness that mediates between a fuzzer and its target application requires complicated scripting technology and reverse engineering of the target. Generating a harness is a time-consuming and difficult process due to the expertise required for its development and the extensive research needed to understand the inputs expected by the target. Another important challenge in the application of fuzzing is the need to provide seed inputs – inputs that exercise some interesting functionality of the tested application, allowing a fuzzer’s mutation to start with some coverage of the application instead of working hard to successfully get past the application’s input validation.
In this presentation, we will describe and demonstrate Bindle, which simplifies the configuration of fuzzers and other input-generation tools such as American Fuzzy Lop (AFL), Mayhem, and symbolic execution engines. The essence of Bindle’s approach is to observe executions of the target application, such as during automated testing, and generate a harness and seed inputs based on the observed data. This greatly reduces the expertise and the time investment required to launch an effective fuzzing campaign.
Did you miss our previous Lunch & Learns? Members can still view the recordings under Education > Recorded webinars.
Become a member now to access these recordings.
12 Apr 2022
1:00 pm - 1:45 pm
Want to Present? Submit the abstract submission form to firstname.lastname@example.org
Presentations at ITEA events should:
- Contribute technically sound knowledge in a particular area of test and evaluation; and,
- Not be commercial, marketing, or “infomercial” in nature. The presentation’s introductory slide is the only slide that may contain the presenter’s company name and/or logo. Presentations that promote specific companies, organizations, products, or services are strictly prohibited.