| title |
The Smart Fuzzer Revolution |
| date |
2016-11 |
| authors |
Dan Guido |
Artem Dinaburg |
Ryan Stortz |
Peter Goodman |
|
| conference |
BSidesLisbon 2016 |
IT Defense 2017 |
|
| resources |
|
The last two years have seen greater advances in automated security testing than the ten before them. AFL engineered known best practices into an easy-to-use tool, the DARPA Cyber Grand Challenge provided a reliable competitive benchmark and funding for new research, and Project Springfield (SAGE) became available to the public. This talk examines how these tools work and what sets them apart from past approaches, where they excel and their limitations, how to use them today, and how much longer humans have as part of the secure development lifecycle.