Michael Eddington: Demystifying Fuzzers
Augustus Ballroom 3-4
About: Fuzzing is an important part of the secure development lifecycle (SDL) and a popular tool for both defensive and offensive security researchers, consultants, and even software developers. With this popularity comes a plethora of fuzzers both open source and commercial. This briefing takes a look at these different fuzzers and provides insights in to "if" and "what" they should be used for. As the developer for Peach, I am often asked to compare various fuzzers and clarify terms tossed around such as Smart and Dumb fuzzing. Additionally the hidden costs and pitfalls will be addressed.