I'm super excited (and humbled) that our training, "An Introduction to Fuzzing," was accepted at BSides Charm 2023. Both myself and my co-instructor, Ryan O'Neal, will be up in Towson, Maryland, on April 30th. Tickets are live on the BSides website for $30. Training is free if you have a ticket. We hope to see you there!
I'll post the slides and materials on GitHub after the course for anyone interested but unable to attend. Details below.
Fuzzing is still one of the leading methods for finding vulnerabilities in applications. And it doesn’t have to be hard. This course gives both a high-level overview on the theory of fuzz testing as well as concrete practical exercises. Students will learn how to fuzz real-world applications to uncover actual software vulnerabilities in applications still shipped in 2023.
Sean Deaton is an alumnus of the United States Military Academy (B.S. 2017) and Georgia Tech (M.S. 2021), where he studied Computer Science. He is a strong proponent of security in open source software and loves fuzzing.
Ryan O’Neal is a vulnerability researcher employed by the US Army. His research focuses on static analysis, symbolic execution and fuzzing, and he draws upon his experience as a web developer, cloud application developer and devops engineer to create innovative solutions. His passion is discovering and developing new techniques to address difficult questions in program security, and seeing which databases are vulnerable to SQL injection by entering his last name.