Fuzzing Essentials: Training for Federal Employees and Contractors


Remote | November 9 - 10, 2021
Registration Deadline: October 29, 2021




Overview

Mayhem is a powerful Dynamic Security Testing framework that provides automated testing and analysis to find critical security bugs, thereby preventing potential exploitation by attackers. All software vulnerabilities that Mayhem finds have a corresponding test case and there are no false positives.

Integrating Mayhem into your DevOps or DevSecOps process can provide high levels of software assurance and help produce stable and secure software.

Cost

This training is offered free of charge to Federal employees and Federal contractors. 

Certification

All attendees who complete both days of training and all lab exercises will receive a Certification of Completion of the Fuzzing Essentials course, issued by ForAllSecure.

Required Skills

  • An understanding of Linux and the ability to use Linux. We assume all participants can use the command line to run programs, set environment variables, edit scripts, etc.
  • Moderate C programming experience within Linux. Participants should be able to understand C source code, edit source code with either vim, emacs, or nano, and compile code in Linux.
  • Background in binary analysis and vulnerability research is preferred but not required.

Objectives

In this training course, you will learn how to use Mayhem, a tool for automatically checking software for critical security bugs with zero false positives.

Mayhem performs dynamic analysis, which means it runs the program to find bugs, vulnerabilities, and other issues we refer to as defects. Mayhem runs on the program binary executable, and not the source code, to ensure that all defects found are in the code that executes, not just the source code that was compiled.



By the end of this course, you will learn how to:

  1. Understand the science behind Mayhem, specifically:
    1. Understanding dynamic analysis, its importance in software security and how it compares to static analysis.
    2. Defining fuzzing and how Mayhem uses fuzzing to generate inputs to find defects and test a program.
    3. Defining what code coverage is, and why it is measured.
    4. Learning about symbolic execution, a powerful dynamic program analysis technique rooted in formal program analysis.
    5. Formulating how Mayhem combines these techniques for an efficient and user-friendly approach to dynamic analysis.
  2. Run Mayhem on executable (aka “binary”) programs, specifically:
    1. Understand the Mayhem workflow and UI
    2. Package up applications for Mayhem analysis
    3. Run continuous testing on new revisions of software
    4. Identify code that is Mayhem-compatible
    5. Focus Mayhem on specific code regions of interest.

This course has a strong lab component, where participants will interact with Mayhem. Answers for each section will be provided with explanations and references so that users may walk through the labs at home without instructor assistance.



"Mayhem allows our engineers to easily get started with fuzz testing and find software flaws without knowing much about fuzzing. The learning curve of new tools can be steep, and Mayhem made it as frictionless as possible for our engineers to start finding bugs and gain more assurance in our software."

Evan Johnson, Head of Product Security at Cloudflare

"Mayhem’s fuzzing tech is unlike any platform I’ve worked with before -- in the best ways possible. Through their native symbolic execution engine in conjunction with their fuzzers, we can feed native binaries that run at our edge and perform behavior analysis at scale."

David Haynes, Security Engineer at Cloudflare

"Integrating Mayhem into our development process was a breeze, only taking a few minutes to configure and deploy. With great documentation and advanced features not normally found in other platforms, such as network target fuzzing, Mayhem allowed us to easily expand automated testing that would have taken significantly more effort with other solutions."

Alessandro Ghedini, Systems Engineer


Speakers

David Brumley
CEO and Co-founder
David co-founded ForAllSecure to automatically check and protect the world's software. ForAllSecure's products are based upon over 10 years of his research in program analysis.

Alex Rebert
Co-founder and Head of Innovation
Alex is a computer security researcher, specializing in automated program analysis and bug finding.

Thanassis Avgerinos
Co-founder and VP of Engineering
Thanassis is an expert in program analysis, testing, and software security with over a decade of operational and academic experience.

Jeff Whalen
VP of Product
Jeff brings more than a dozen years of product experience to ForAllSecure, where he serves as the Vice President of Product Management.