Exposing Hidden Exploitable Behaviors Using Extended Differential Fuzzing


I created the first differential fuzzing framework to detect dangerous and unusual behaviors in similar software implementations. To prove its effectivity, I found vulnerabilities in multiple implementations of programming language parsers: Java, JavaScript, Perl, PHP, Powershell, Python, and Ruby. This form of fuzzing can work as a practical form of testing to find exploitable vulnerabilities. More undisclosed vulnerabilities will be shown throughout this talk to exemplify how to find issues in general pieces of software. This talk will also include a new special release for Codemotion.

Language: English

Level: Intermediate

Fernando Arnaboldi

Senior Security Consultant - -

Fernando Arnaboldi is a developer and a security consultant who specializes in penetration testing and code reviews on multiple platforms. He has focused his research on breaking the security of different programming languages and has presented his findings in security conferences such as Black Hat USA & Europe, DEF CON, Ruxcon, OWASP AppSec USA & Europe and HITB Amsterdam.

Go to speaker's detail