Authors: Jeremy Matos
2022-10-25

tldr - powered by Generative AI

Using Go Fuzzing to improve the test coverage of security helper libraries and gain confidence in their effectiveness
  • Security helper libraries can be hard to unit test as they need to ensure 'bad' inputs are not considered valid
  • Go Fuzzing can be used to identify corner cases and improve test coverage
  • A real-life example of a path traversal vulnerability in Grafana OSS is used to demonstrate the effectiveness of Go Fuzzing
  • Writing predicates for Go Fuzzing can be challenging as the validation logic becomes more complex
  • Once trusted security helpers are identified, they should be communicated and enforced through static analysis tools
Authors: Kevin Wall
2021-09-24

Abstract: This talk will explore the lessons that I have learned in more than 20 years of developing, using, and reviewing FOSS-based security libraries. It will cover the well-known XYZ library from both an open source development process and technical architectural perspective.