The Importance of Fuzzing for Network Protocols - Seguridad Mania.com - España y América Latina

Most security issues are triggered by misuse - and there are an infinite number of ways to misuse a system. Given that you don’t have an infinite amount of time to test for security issues, how will you know when a product is safe enough to ship or deploy? Description (paragraph): Most security issues are triggered by misuse—and there are an infinite number of ways to misuse a system. Given that you don’t have an infinite amount of time to test for security issues, how will you know when a product is safe enough to ship or deploy? After you’ve analyzed the source code, the next step is to test its dynamic behavior using invalid input testing (fuzzing) that closely imitates what a hacker would do. Fuzzing provides a final test-run before rolling out to avoid costly bug fixes and product recalls. Network devices must be able to handle malicious inputs on their interfaces and protocols. Defensics is a model-based stateful protocol fuzzer that is based on popular specifications and has millions of malformed inputs to cover misuse cases that can trigger critical unknown vulnerabilities. Join us as we discuss the importance of fuzzing for network protocols and address its use cases: Development. Complement SAST methods by integrating fuzzing into CI/CD Quality assurance. Perform QA with enhanced test coverage in a manageable time Security. Uncover zero day and unknown vulnerabilities before they turn costly Procurement. Ensure robustness, quality, and security of software and devices before introducing them into IT/lab environment