100 Million Inputs or It Didn’t Happen! Effective Fuzz Testing for Embedded Software (R20c)
Fuzz testing (fuzzing) is the process of automatically finding security vulnerabilities and stability issues in software by testing millions of inputs. This makes fuzzing the perfect tool for continuous vulnerability handling, regular security tests, and input validation. However, for embedded systems specifically, fuzzing is notoriously difficult. So which shortcuts does the industry take to fuzz test embedded software? Can the speakers even consider some of this (effective) fuzz testing? This talk provides rare insights from the perspective of an embedded cybersecurity specialist and leading researcher on effective fuzzing of embedded software. These impulses can help notified bodies assess fuzzing-based security testing practices. the speakers will also discuss brand-new innovations in the field to bring effective fuzz testing to embedded software.