Authors: Jeremy Matos
2022-10-25

tldr - powered by Generative AI

Using Go Fuzzing to improve the test coverage of security helper libraries and gain confidence in their effectiveness
  • Security helper libraries can be hard to unit test as they need to ensure 'bad' inputs are not considered valid
  • Go Fuzzing can be used to identify corner cases and improve test coverage
  • A real-life example of a path traversal vulnerability in Grafana OSS is used to demonstrate the effectiveness of Go Fuzzing
  • Writing predicates for Go Fuzzing can be challenging as the validation logic becomes more complex
  • Once trusted security helpers are identified, they should be communicated and enforced through static analysis tools