Code Intelligence

Historical Vulnerabilities in the Automotive Space | FuzzCon Europe - Automotive Edition 2022

In this talk, Andreas Weichslgartner from CARIAD will show how contemporary software engineering can help developers write more secure code and detect vulnerabilities during development. He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software. Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues.

The Benefits of Negative Testing in Software Testing

In software testing, negative testing refers to the practice of feeding a system unexpected or invalid inputs. Given an input field that accepts numeric values from 0-100, positive tests would assess whether the application does what it's supposed to do, given input values such as "1", "2" or "99".

Bridging the Gaps of Grey-box Fuzzing | FuzzCon Europe - Automotive Edition 2022

Li Yuekang from NTU Singapore and Dr. Sheikh Mahbub Habib from Continental present this talk. Software testing typically requires these three steps: Researchers have been focusing on improving test case generation and execution feedback analysis, while the topic of target program execution is under-studied because executing the target program seems to be an easy task. However, through industry practice, they find that target program execution can be challenging for libraries or IoT software.

Embedded Testing Tools: A Comprehensive Guide

Due to increasing connectivity and dependencies, modern embedded applications in many industries including automotive, aviation, and even automated cow brushes (no joke) are constantly growing more complex. This complexity comes with implications for embedded testing tools and requires plenty of manual effort, depending on the toolchain. From an operational perspective, many embedded industries are tightly staffed and work in long cycles with strict deadlines.

How Can Fuzzing Help Find Bugs in Hardware?

The growing complexity of embedded systems, coupled with the advent of increasingly sophisticated security attacks, highlights a dire need for advanced automated vulnerability analysis tools. Fuzzing is an effective, proven technique to find security-critical issues in systems, often without needing to fully understand the internals of the system under test.

Secure Coding in C and C++ Using Fuzz Testing

Today, I would like to show you a simplified fuzz testing approach that enables secure coding of C and C++ applications. If you read this article to the end, you will learn about an automated security testing approach for C/C++ that can protect your applications against all sorts of memory corruptions and other common C/C++ vulnerabilities.

Automotive Software - ISO 21434 Compliance Simplified

The modern vehicle comes equipped with a variety of software systems. Features that connect it to the outside world, such as online updates, fleet management and communication between vehicles, especially offer attack surface. The security of automotive software is crucial, not only because bug-induced recalls are costly, but also because the well-being of passengers depends on it.

Automatically Detect Concurrency Issues in Automotive Software

What to Expect: CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this live stream, our expert Daniel will: All code examples and tools used are open-source.