Victor Marginean from Argus Cyber Security will speak about the importance of end-to-end security verification, including fuzzing on SW and real interfaces. He will present how this can be used as a pillar integrated as part of the CI/CD and how it can also be monitored from the Vehicle Security Operating Centers used by OEMs. Victor presented this talk at FuzzCon Europe - Automotive Edition 2022. Learn more about this and more talks at fuzzcon.eu.

In their talk, René Palige and Rosemary Joshy from Continental will share some insights on how they utilized fuzzing to improve overall software quality and how this can be integrated into existing verification and validation processes. They will further describe some of their experiences while applying coverage-guided fuzzing in ongoing automotive projects, what challenges they faced and how they overcame them.

In this talk, Andreas Weichslgartner from CARIAD will show how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development. He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software. Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues.

Li Yuekang from NTU Singapore, & Dr. Sheikh Mahbub Habib from Continental present this talk. Software testing typically requires these three steps: Researchers have been focusing on improving the test case generation and execution feedback analysis while the topic of target program execution is under-studied, because executing the target program seems to be an easy task. However, through industry practice, they find that target program execution can be challenging for libraries or IoT software.

FuzzCon Automotive is an uprising application security testing conference, bringing together developers, DevOps Engineers, and security experts to make automotive software more reliable and secure. Stay tuned for details about the speakers, agenda, and more!

What to Expect CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this live stream, our expert Daniel will: All code examples and tools used are open-source.#c/c++ #fuzzing #security #opensource #automotive

JavaScript is widely used in both backend and frontend applications. Crashes that cause downtime or other security issues are very common in NodeJS packages. Jazzer.js makes it easy for developers to find such edge cases. In this live stream, Norbert will show you how to secure JavaScript applications using the open-source fuzzer Jazzer.js.

In this tutorial, I will show you how to set up and run a fuzz test on a C/C++ application, with the CI Fuzz CLI. The CI Fuzz CLI is an easy-to-use fuzzing tool, that enables you to integrate and run fuzz tests directly from your command line. I chose this tool for this tutorial, on how to set up a fuzz test, as it is particularly user-friendly, and as it allows developers to set up and run a fuzz test with only three commands.

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities