Skip to content

Files

Symbolically Executing a Fuzzy Tyrant

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

Symbolically Executing a Fuzzy Tyrant

Code reviewers and penetration testers are familiar with the normal dynamic and static application security tools (DAST|SAST). These tools can provide varying levels of coverage with varying levels of false/true positives. However, there are other classes of tools that can provide deeper understanding and more vulnerabilities in the same amount of time as traditional tools. This talk covers two such classes: (smart) fuzzers and symbolic execution. As a practicum, it is focused on every-day scenarios that normal security analysts face, rather than theoretical attacks in an academic setting. The author’s current setup is provided as an example.

Presented at

Resources

Authors

  • Stefan Edwards