How to Keep your Web Applications Secure: Everything you need to know about Fuzzing
In this coding session, Khaled Yakdan will demonstrate how to secure web applications with fuzzing and explain how fuzz testing can help you uncover complex security vulnerabilities, such as Denial of Service (DoS) and uncaught exceptions, in your source code.
Content
00:00 Introduction
01:05 Why is it important to secure web applications?
04:20 What is fuzz testing?
06:03 Black-box fuzzing vs white-box fuzzing
10:20 Fuzz testing vs. unit testing
14:50 Useful open-source tools for Java fuzzing
16:38 How to create a fuzz test
27:30 How to secure web applications with fuzzing
42:59 CI/CD integration and continuous security testing
44:45 Closing thoughts
Sources:
[1] Challenges of securing web applications
https://www.code-intelligence.com/use-case/fuzzing-web-applications
[2] What is Fuzz Testing?
https://www.code-intelligence.com/what-is-fuzz-testing
[3] What Bugs Can You Find With Fuzzing?
https://www.code-intelligence.com/blog/what-bugs-can-you-find-with-fuzzing
[4] Java Fuzzing With Jazzer (Open-Source)
https://github.com/CodeIntelligenceTesting/jazzer
[5] Khaled Yakdan on Twitter
https://twitter.com/khaledyakdan