Applied Source Code Fuzzing
A complete course that teaches you fuzzing of C, C++ and Python code.
Abstract

This course teaches you the foundations of fuzzing and how to apply it on real-world complex software. The course provides a deep and comprehensive view of modern fuzzing, and there is a lot of material to cover. We do not just show how to run a few commands - we go deep into the code of targets and fuzzers, with the goal of finding bugs in real-world projects and more. This course will teach you in-depth and pragmatically how to fuzz, and following completion of the course you will be able to apply your skills professionally at a high level.

The course is heavily focused on real-world connection, and because of this you will be fuzzing many real-world projects in the course. You will learn how to surgically target your analysis towards specific parts of the application you are analysing, and do so against some of the most complex applications in the world such as Chromium.

Throughout the course you have several exercises and assignments. The assignments ask you to fuzz real-world software and you receive personalised feedback on your work. In addition to this, you can ask the instructor any question at any stage in the process, ensuring you have maximum flexbility to learn in your own manner and at your own pace.

Course Objectives
Learning Objectives

Understand the foundations and background of modern fuzzing

Understand the concepts behind bug-finding techniques such as sanitizers

Get hands-on experience with writing fuzzers for a range of diverse software applications, e.g. parsers, languages, browsers and databases

Understand the concepts mutation-based fuzzing, generation-based fuzzing, in-memory fuzzing, feedback-based fuzzing, coverage-guided fuzzing

To be able to fuzz efficiently with corpus selection, dictionaries and fuzzing visualisations

To perform complex structure-aware fuzzing, including grammar-based fuzzing and fuzzing of state-full applications

To get hands-on experience with writing fuzzers for real-world applications

Prerequisites

In the course we will be reading a lot of C/C++ code, so it is expected that students are familiar with reading source code in these languages and also writing small applications.

Who should attend?

Software developers

Security engineers

Vulnerability researchers

Red team professionals

Program analysis researchers

Course Syllabus

The course is divided in the following main sections. Each section is composed of a myriad of videos, notes, exercises, assignments and other forms of interactive learning.

Introduction to fuzzing
This section introduces and gives an overview of the course. We cover some high-level topics around fuzzing and the goal is to give an intuition for the concepts behind fuzzing that can then be used during the hands-on approach throughout the course.
Modern coverage-guided fuzzing
Coverage-guided fuzzing is the de facto standard for fuzzing. This section gives a complete end-to-end introduction to modern coverage-guided fuzzing. This includes writing a first set of initial simple fuzzers, understanding how bugs are detected and finally integrating fuzzing into a real-world project that has been developed for many years.
Efficient and effective fuzzing
This section builds on the previous section by going into important techniques that can make your fuzzing more effective. During the presentation of the techniques we will remain focused on applying these to real-world projects.
Structure-aware fuzzing
This section covers the concepts of structure-aware fuzzing. The emphasis on structure-aware fuzzing is to apply the ideas of fuzzing in contexts where the input to our target is highly structured data. We will cover several concrete structure-aware techniques, including grammar-based fuzzing.
In-depth case studies
From the very beginning of the course we apply fuzzing on real-world projects. However, some real-world projects are so complex that they deserve more attention and the goal of this section is to cover these exact projects. This section will go into more details with complex targets and show how the techniques we have covered throughout the course are materialised in modern real-world complex applications.
Fuzzing managed languages: Python
This presents fuzzing of managed languages focusing on Python. This includes what type of bugs to expect when fuzzing Python, how to analyse native extensions and more.
Further studies and outlook
This section concludes the course by summarising the topics covered as well as discussing further avenues of study.
You get

Lecture videos

Lecture notes

Hands-on exercises of varying difficulty

24/7 access to platform and self-paced course

6 months subscription to online training platform

Instructor support throughout entire course

Course updates during subscription period

Looking to train your entire team?

ADA Logics offers business solutions that allow you to easily manage the training of your entire team.

To know more, get in touch now.

Contact Sales
Have a question about this course?

Get in touch today with any questions that you might have.

Contact Us