Name: Knowing the Unfuzzed and Finding Bugs with Coverage Analysis
Start: 2020-12-09T18:30:00Z
End: 2020-12-09T18:31:06.000Z
Location: BrightTALK
Rating: 0

ForAllSecure introduces Mayhem, an advanced fuzz testing solution, that continuously uncovers defects at unprecedented speed, scale, and accuracy.

Fast, shift-left, actionable negative testing continues to be a crucial step in validating and securing the world's APIs. Testing manually or as part of validation for release candidates is no longer an option: testing needs to be included as part of the developers daily workflow to ensure that issues are caught early and resolved in a timely manner.
In this webinar, we'll show you how you can use ForAllSecure's Mayhem for API tool not only to test your APIs, but to include API testing in your CI/CD pipeline and regularly generate test runs and results, keeping your APIs - and your business - safer and more secure.

API Testing in the CI Pipeline

As engineering teams move faster and faster, we’ve seen application security “shift left” - with testing done earlier and earlier in the development lifecycle.  But the way teams test hasn’t changed - we’re still in a land of false positives, vetting applications against known vulnerabilities, and bracing ourselves for emergency patching when the next zero day hits.

By thinking like a hacker when testing applications - you can automatically find exploitable vulnerabilities and fix them while your code is still in development -- giving you stronger security while also increasing velocity

In this talk, we’ll discuss: 
The benefits (and limitations) of current approaches to application security
Balancing security and development velocity - how to build win/win scenarios
Setting realistic targets for application security programs based on known risks
Adopting a hacking mindset to help developers increase velocity and security both 
Using techniques like fuzzing and symbolic execution to ‘hack’ your applications in your own development pipeline

Think like a Hacker: How to Get ahead of Zero Days.

ForAllSecure presents FuzzCon TV, a fuzzing fireside chat with industry experts and leaders sharing their insight on everything fuzzing. Each episode we’ll dive into a multitude of fuzzing topics and answer burning questions from our viewers!

Joining us this on this episode of FuzzCon TV we have:
-Chris Clark, Sr. Manager Embedded Ecosystems at Synopsys (https://www.synopsys.com/software-integrity.html)
-Dr. Jared DeMott, CEO & Founder of VDA Labs (https://vdalabs.com/)
-Billy Rios, Founder of Whitescope, LLC (https://whitescope.io/)

FuzzCon TV: Episode 1 - Introduction to Fuzz Testing

Join Dr. David Brumley, CEO of ForAllSecure, as he shares a proven method known as fuzz testing for achieving both development speed and code quality. In this session, viewers will learn:

-How to add continuous fuzz testing to their shift-left strategy. 

-How fuzz testing can help organizations not only develop quickly and securely but also manage inherited risk from developers’ software supply chain.

-Real-world use cases on how fuzz testing is used to secure Dockerized applications.

Achieve Development Speed and Code Quality with Behavior Testing

Continuous fuzzing has become a hot security trend among tech behemoths like Google, Microsoft, and more. Dr. David Brumley will share his research on the synergistic power of guided fuzzing from his research at Carnegie Mellon University.

After this session you will be able to:

- Describe how users can more quickly reach the scale and computing service required to bear the benefits of fuzzing.

-Share how automating high-effort manual tasks, such as vulnerability and risk management, will allow security engineers and developers to focus on problem-solving and innovation.

-Outline how organizations can start efficiently and effectively continuously fuzzing within their own team.

-Explain the origin of fuzzing, outline use cases for this method of dynamic negative testing, and provide insight into how DevSecOps can leverage fuzzing for scale.

Continuous Fuzzing: The Trending Security Technique

ForAllSecure presents FuzzCon TV, a fuzzing fireside chat with industry experts and leaders sharing their insight on everything fuzzing. Each episode we’ll dive into a multitude of fuzzing topics and answer burning questions from our viewers!

In this episode, we explore fuzz testing as a security solution within the automotive industry.

Moderator - Chris Clark, Senior Manager - Automotive Group, Synopsys
Guests -
-- Michael Maass, Cybersecurity Lead - Motional
-- Suchit Mishra, Global Technology Executive in Mobility & Security
-- Rob Southern, Infotainment & Cluster Cyber Security Lead - Fiat Chrysler Automobiles

FuzzCon TV: Episode 3 - Auto Fuzz

Learn how Mayhem, ForAllSecure's advanced fuzz testing solution, seamlessly integrates into Jenkins and Travis-CI toolsets. All of the concepts we will use were covered in the previous webinar "Getting Started using Mayhem with Continuous Integration".

Integrating Mayhem with Jenkins and Travis-CI

A step by step guide on how Mayhem, ForAllSecure's advanced fuzz testing solution, works with continuous integration to help secure your software.

Getting Started Using Mayhem with Continuous Integration

ForAllSecure presents its vulnerability discovery webinars (FASTR) demonstrating how Mayhem, an advanced fuzz testing solution, combines the tried-and-true methods of guided fuzzing with the ingenuity of symbolic execution, continuously uncovering defects at unprecedented speed, scale, and accuracy.

Join ForAllSecure Director of Solutions, Richard Bae, for the second installment of the FAS.T.R. webinar series as he dives into uncovering memory defects in cereal.

ForAllSecure Threat Research (FASTR): Uncovering Memory Defects in cereal

If you’re already doing software testing, you’re ahead of the bad actors. But are you using the best application security testing solution?.

Advanced Fuzz Testing: Good, Better, Best Software Testing

Security and development teams reduce risk by automatically and accurately uncovering defects using Mayhem, an award-winning fuzzing solution. How does Mayhem work? Watch the demo with Mel Llaguno, Commercial Solutions Lead, to find out!  

In this 30-minute demo, you'll learn:

- Common gaps left behind in application security programs
- Strategies for elevating your security and development trajectory
- How ForAllSecure can help security and development teams reach their full potential

Advanced Fuzzing with ForAllSecure Mayhem

ForAllSecure presents FuzzCon TV, a semi-monthly fireside chat with industry experts and leaders sharing their insight on everything fuzz testing. Each episode we’ll dive into a multitude of fuzzing topics and answer burning questions from our viewers!

Episode 2 - Fuzzing Federal
Moderated by ForAllSecure's Matt Venditto -- Head of Federal Sales
Guests: 
Jonathan Butts - Founder at QED Secure Solutions
Joe Jarzombek - Director for Government, Aerospace & Defense Programs at Synopsys Inc
Zach Walker - DIU Texas Lead at Defense Innovation Unit

FuzzCon TV Ep 2: Fuzz Testing in Federal

ForAllSecure Threat Research (FAS.T.R.) presents its vulnerability discovery webinars demonstrating how Mayhem, an advanced fuzz testing solution, combines the tried-and-true methods of guided fuzzing with the ingenuity of symbolic execution, continuously uncovering defects at unprecedented speed, scale, and accuracy.

Join ForAllSecure Director of Solutions, Richard Bae, for the first installment of FAS.T.R. vulnerability discovery webinars as he dives into the discovery of zero-day vulnerabilities in web servers.

ForAllSecure Threat Research: Discovering 0-Day Vulnerabilities in Web Servers

Advanced Fuzz Testing with ForAllSecure Mayhem

The rise in fuzzing has resulted in bugs getting found and fixed at an amazing rate. But it has raised some new questions: how do we find good fuzz targets quickly, and what is left to fuzz? These questions require tools and workflow that remain uncommon among software developers and security researchers alike, and one potential solution is in automated coverage analysis.

This motivation drove the development of bncov, an open-source coverage analysis plugin for Binary Ninja that enables scripting and the construction of tools to help you get the most bang for your fuzz-buck.

Mark Griffin is a researcher who has always been interested in working on difficult problems and always finding new ways to get the job done better. He’s been working in computer security for over 10 years, and in that time has realized he enjoys work more when he doesn’t have to use chopsticks to dig a ditch.

Knowing the Unfuzzed and Finding Bugs with Coverage Analysis

Risk Management

DevOps

Vulnerabilities

Vulnerability Management

Application Management

Application Security

Continuous Testing

Code Coverage

DevSecOps

CICD

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

Get powerful manufacturing insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on strategies and techniques to accelerate production cycles while increasing efficiencies and improving profitability.

Manufacturing

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Knowing the Unfuzzed and Finding Bugs with Coverage Analysis

Presented by

About this talk

More from this channel