📥 Download source code and materials: https://academy.fuzzinglabs.com/fuzzi...
In this course, I will fuzz a popular Java library (JSoup) in order to find uncaught Java exceptions. I will explain how to create a fuzzing harness for this target using the Jazzer fuzzer. Then, I will run it and show you what's happening when you trigger crashes.
#Fuzzing #Java #Exception
0:00 Presentation
1:04 Jazzer
2:32 Today's target (JSoup)
3:09 Installation/compilation of Jazzer
3:58 Find a good JSoup API
5:38 Write a Jazzer fuzz target
10:04 Modify the config files
12:45 Run the fuzzer
13:54 First crash (IllegalArgumentException)
15:45 Modify the code to throw this bug
17:36 Storing corpora between each run
19:53 Second crash (NullPointerException)
Further readings:
https://github.com/CodeIntelligenceTe...
https://blog.code-intelligence.com/fu...
https://security.googleblog.com/2021/...
==== 💻 FuzzingLabs Training ====
Rust Security Audit and Fuzzing: https://academy.fuzzinglabs.com/rust-...
C/C++ Whitebox Fuzzing: https://academy.fuzzinglabs.com/c-whi...
WebAssembly Reversing and Dynamic Analysis: https://academy.fuzzinglabs.com/wasm-...
Go Security Audit and Fuzzing: https://academy.fuzzinglabs.com/go-se...
==== 🦄 Join the community ====
https://academy.fuzzinglabs.com/fuzzi...
📡 Socials:
Twitter: / fuzzinglabs
Telegram: https://t.me/fuzzinglabs
TikTok: / fuzzinglabs
Keyword: Fuzzing, Fuzz Testing, Java, Jazzer, Maven, Bazel
Link to this video: • Fuzzing Java code (JSoup) using Jazze...
In questa pagina del sito puoi guardare il video online Fuzzing Java code (JSoup) using Jazzer fuzzer - Java Security della durata di ore minuti seconda in buona qualità , che l'utente ha caricato FuzzingLabs 23 marzo 2021, condividi il link con amici e conoscenti, su youtube questo video è già stato visto 4,796 volte e gli è piaciuto 62 spettatori. Buona visione!