Online-Meet March: Feedback Based Testing for Open Source Projects

Fuzzing for Everyone – Feedback Based Application Testing for Open Source Projects

Currently, fuzz testing is the most effective method to automatically identify vulnerability and stability issues in software, especially network services and embedded applications. For instance, Google is cited to find more than 80% of their bugs with fuzzing alone in contrast to all other testing approaches. However, only a few tech-leading companies have implemented fuzzing as part of their development process yet. But now the technology is also becoming increasingly popular among open source developers.

In this meetup, we will discuss the usability aspects of fuzzing compared to other testing approaches. (e.g. SAST, like SonarQube, or behavioral code analysis, like CodeScene)

Panel guests: Sergej Dechand (Code Intelligence), Adam Tornhill (CodeScene), Michael Kutz (Agile QA Cologne), Stefan Scheidt (Softwerkskammer Köln)

In this Meetup you'll learn:

1. The basics of modern fuzz testing
2. The strengths and differences between static-code-analysis (SAST), dynamic-code-analysis and (DAST) and feedback-based-application-testing (FAST)
3. How to detect CVEs in open-source software in just a couple of minutes, using modern fuzz testing approaches.

Agenda
18:00 to 18:15: Welcome!
18:15 to 19:00: Introduction to modern fuzz testing
19:00 to 19:30: CVE hunting with fuzzing (with live-demo)
19:30 to 19:45: Q&A Session
19:45 to 20:30: Panel Discussion: "Usability aspects of fuzzing compared to other testing approaches" (Sergej Dechand / Adam Tornhill / Michael Kutz / Stefan Scheidt)
20:30 to 21:00: Networking

Language
This Meetup will be in English

About Sergej Dechand
Sergej Dechand is CEO and co-founder of Code Intelligence. He is an expert in usability aspects of IT security. Sergej has 10 years of experience in software development, software testing, IT security and academic publishing. Before founding Code Intelligence with his colleagues in 2018, he worked as an external IT consultant and as a project manager at Fraunhofer FKIE.

This online event is sponsored by Code Intelligence - Thank you so much!

Follow our panel guest on Twitter!

• Sergej Dechand https://twitter.com/serj_de
• Adam Tornhill https://twitter.com/AdamTornhill
• Michael Kutz https://twitter.com/MichaKutz
• Stefan Scheidt https://twitter.com/stefanscheidt

Links:

• Code Intelligence https://www.code-intelligence.com/
• Feedback-based application testing https://blog.code-intelligence.com/the-magic-behind-feedback-based-fuzzing
• Codescene https://codescene.io/
• SonarQube https://www.sonarqube.org/