MSDN Webcast: Security Talk: File Fuzzing for Fun and Profit (Level 300)
MSDN Webcast: Security Talk: File Fuzzing for Fun and Profit (Level 300)
Event ID: 1032453067
Language(s): English.
Product(s): Other.
Audience(s): Pro Dev/Programmer.
Fuzzing, a required security practice in the Verification Phase of the Microsoft Security Development Lifecycle (SDL), is the most commonly used method for finding security flaws in software, but fuzzing can also be used by development teams to find and fix security holes before deployment. File fuzzing is a simple concept that is too often overlooked as a way to better secure applications that receive file input. In this webcast, we explain how file fuzzing works, but mainly we focus on how to do file fuzzing practically, using both home-made and commercially available tools. We show you how to generate the input and automate the testing process. We also discuss the feasibility of covering entire search spaces and the various aspects and trade-offs of choosing different attack vectors.

Presenter: Aviram Jenik, CEO, Beyond Security

Aviram Jenik has 17 years of experience in the computer security field. From the early days of computer viruses, he was interested and involved in the fields of encryption, security vulnerabilities detection, and related research. He worked as a programmer, team leader, and project manager in several startups before cofounding Beyond Security in 1999. Aviram has a bachelor's degree in computer science with a major in cryptography and a Master of Business Administration (MBA) from T.A. University with majors in strategy and entrepreneurship. Beyond Security is a tool member of the Microsoft SDL Pro Network.

If you have questions or feedback, contact us.
Register for event
Duration: 1 hour(s)
View online
Register