32
events were organized by JUG Switzerland during 2024 so far.

Events

Fabian is a software engineer at Code Intelligence, where he focuses on the development of fuzzing technologies with a special focus on memory-safe languages and OSS security. He led the efforts to open-source the company’s Java fuzzer Jazzer and has since been its lead maintainer. He is also an avid contributor to other open-source projects such as Bazel, Chromium, and the Android Password Store. A mathematician by education, he always enjoys speaking at conferences and workshops.

Twitter: @fhenneke

26.04.2022

Fuzzing Java with Jazzer

LOCATION: Online
KEYWORDS: Concept, Open Source, Technology, Tools

AGENDA:18:00 - 19:00h CEST: Talk incl. Q/A. Afterwards voluntary online video chatting with each other and the speaker in our Wonder.me room.

SPEAKER: Fabian Meumertzheim   COMPANY: Code Intelligence
SLIDES: 220426_Fuzzing_Java_with_Jazzer.pdf

Large tech companies such as Microsoft and Google are relying on fuzzers more and more to automate finding security issues in their software. In 2019, Google found the majority of potential security issues in Chromium via fuzzing - over 18,000 bugs in total.

Here, a fuzzer is a tool that rapidly feeds generated data into a specified entrypoint of an application or library with the aim of triggering bugs and security issues. Modern fuzzers use sophisticated instrumentation techniques to receive information about the code they execute and mutate the input data accordingly. 

In this session, you will learn the basic concepts behind fuzzing and get to know Jazzer, a state-of-the-art fuzzer for JVM-based languages, via real world examples. Whether it’s bypassing an XSS sanitizer, making servers grind to a halt with very small protobuf messages, or even reproducing Log4Shell, you will see how easy it is to automatically search for security issues and bugs in open-source libraries.

LEVEL OF TALK: Intermediate
LANGUAGE: Talk: en / Slides: en

Fabian is a software engineer at Code Intelligence, where he focuses on the development of fuzzing technologies with a special focus on memory-safe languages and OSS security. He led the efforts to open-source the company’s Java fuzzer Jazzer and has since been its lead maintainer. He is also an avid contributor to other open-source projects such as Bazel, Chromium, and the Android Password Store. A mathematician by education, he always enjoys speaking at conferences and workshops.

Twitter: @fhenneke

LEVELS:

BEGINNER
The presented topic is new to the audience or only little and superficial experience exists. This talk will mainly cover basic aspects of the topic and not go into much detail.

INTERMEDIATE
The presented topic is known to the audience, serious practical experience is expected. This talk might cover some basic aspects of the topic, but will as well go into depth and details.

ADVANCED
The presented topic is well-known to the audience, serious practical experience and a deep understanding are required. This talk will not cover basics of the topic, but will go into depth, might discuss details, compare different approaches, and so on.

ALL
The topic presented is of interest to all levels and does not require any special prior knowledge.

top

Supporting members

Platin

Gold

Silver

 
 

 

About

JUG Switzerland aims at promoting the application of Java technology in Switzerland.

JUG Switzerland facilitates the sharing of experience and information among its members. This is accomplished through workshops, seminars and conferences. JUG Switzerland supports and encourages the cooperation between commercial organizations and research institutions.

JUG Switzerland is funded through membership fees.

Design
Partner

 

Contact

Java User Group Switzerland
8000 Zürich
info@jug.ch

© Java User Group Switzerland