|
|
NCSI protocol fuzzer on an embedded security engine – process & lesson learned |
|
One of the basic mitigations to security attacks on software is proper input validation. When input is provided via a communication protocol or via a file holding complex data structure, it is infeasible, from time and resources aspects, to deterministically create all the corner cases that may arise and should be tested. These limitations mean that we may release software with exploitable weaknesses in the code. Fuzzing is a test technique that can reduce this risk. Fuzzing of an embedded system pose a few challenges that do not exist in regular applications (applications that run on a full-fledged OS).
Join Dor Levy's Talk In this talk we start with a short review of fuzzing Then continue to describe the challenges of fuzzing We then review a fuzzing project implemented |
|
|
|
|
|
|
