Java User Group Switzerland
Postfach 2322 • 8033 Zürich
info@jug.ch • www.jug.ch
Fabian is a software engineer at Code Intelligence, where he focuses on the development of fuzzing technologies with a special focus on memory-safe languages and OSS security. He led the efforts to open-source the company’s Java fuzzer Jazzer and has since been its lead maintainer. He is also an avid contributor to other open-source projects such as Bazel, Chromium, and the Android Password Store. A mathematician by education, he always enjoys speaking at conferences and workshops.
Twitter: @fhenneke
26.04.2022
Fuzzing Java with Jazzer
LOCATION: Online
KEYWORDS: Concept, Open Source, Technology, Tools
| AGENDA: | 18:00 - 19:00h CEST: Talk incl. Q/A. Afterwards voluntary online video chatting with each other and the speaker in our Wonder.me room. |
SPEAKER: Fabian Meumertzheim COMPANY: Code Intelligence
SLIDES: 220426_Fuzzing_Java_with_Jazzer.pdf
Large tech companies such as Microsoft and Google are relying on fuzzers more and more to automate finding security issues in their software. In 2019, Google found the majority of potential security issues in Chromium via fuzzing - over 18,000 bugs in total.
Here, a fuzzer is a tool that rapidly feeds generated data into a specified entrypoint of an application or library with the aim of triggering bugs and security issues. Modern fuzzers use sophisticated instrumentation techniques to receive information about the code they execute and mutate the input data accordingly.
In this session, you will learn the basic concepts behind fuzzing and get to know Jazzer, a state-of-the-art fuzzer for JVM-based languages, via real world examples. Whether it’s bypassing an XSS sanitizer, making servers grind to a halt with very small protobuf messages, or even reproducing Log4Shell, you will see how easy it is to automatically search for security issues and bugs in open-source libraries.
LANGUAGE: Talk: en / Slides: en
Fabian is a software engineer at Code Intelligence, where he focuses on the development of fuzzing technologies with a special focus on memory-safe languages and OSS security. He led the efforts to open-source the company’s Java fuzzer Jazzer and has since been its lead maintainer. He is also an avid contributor to other open-source projects such as Bazel, Chromium, and the Android Password Store. A mathematician by education, he always enjoys speaking at conferences and workshops.
Twitter: @fhenneke
Supporting members
Platin
Gold
Silver
About
JUG Switzerland aims at promoting the application of Java technology in Switzerland.
JUG Switzerland facilitates the sharing of experience and information among its members. This is accomplished through workshops, seminars and conferences. JUG Switzerland supports and encourages the cooperation between commercial organizations and research institutions.
JUG Switzerland is funded through membership fees.
Design
Partner
