This year our annual fuzzing event went into the second round, as we hosted FuzzCon Europe 2020. The goal of FuzzCon Europe is to bring application security experts from academia and industry together, to collaboratively drive innovation and define the future of fuzzing.
Although we - for obvious reasons - had to host the event digitally, it was everything we could have hoped for. In this article, we want to look back, and give you an impression of FuzzCon Europe 2020 with its captivating ideas, its engaging talks, and its surprising announcements.
Learnings
Putting together a remote event came with a lot of question marks:
- Will the conference tool work?
- How will the digital format affect the overall tone of the event?
- How can our speakers interact with the participants?
- And most importantly, what if our wifi does not work?
In anticipation of the event, we spent a lot of time picking our brains about these problems. However, the changed circumstances did not discourage an astounding 1150 participants from registering for this year’s FuzzCon.
Yes, hosting the event digitally had its challenges and downsides, but it also provided a lot of opportunities, especially because it enabled participants to join us from the comfort of their own homes. We could never have reached such a huge, international crowd had we hosted the event at our headquarters in Bonn, Germany. The online format also allowed us to create high-quality recordings of the individual sessions, which are now available on our event recap page.
While the large number of participants at FuzzCon Europe 2020 shows that Code Intelligence is becoming more of a household name in the field of application security, it is also a reflection of how much recognition fuzzing has gained all over the world recently. This year’s participants ranged from security newbies to professionals from a variety of different industries, in over 35 countries. Even our speakers were scattered around the globe, for example Caroline Lemieux, who joined us from California, or Marcel Böhme, who delivered his talk from Australia.
"Let’s bring the research and industry people together, to share some ideas on how to test software", - Sergej Dechand.
The Big Surprise
One of the highlights of this year’s event was the announcement of the Closed Beta for Code Intelligence’s SaaS solution CI Fuzz. CI Fuzz is a testing platform that is characterized by its high usability. This enables it to be deployed continuously alongside the development process, without the presence of a security professional. Although many of the participants already requested access during the event, we still have a couple of slots left, so apply now!
This Year’s Topics
Some of the most-discussed topics this year were usable security, different fuzzing approaches and use cases. The event started on the 8th of September at 10 with a kick-off from the CEO and co-founder of Code Intelligence, Sergej Dechand. After that, the 16 speakers each took around 30 minutes to deliver their talk, chat with our moderators and answer questions from the crowd. Alongside the talks, there was a constant exchange on Slack, where our participants had the opportunity to network with our speakers and other attendees.
Some of the Hottest Topics:
1. Taming Fuzzers
Andreas Zeller: Professor, CISPA Helmholtz Center for Information Security
In this talk about taming fuzzers, Andreas Zeller provided detailed insights on how to customize and control a fuzzer to make it more accurate. He also explained how a grammar can be fed into a fuzzer to help it create better inputs.
2. CI Fuzz - Continuous Fuzzing of Network Services
Khaled Yakdan: Chief Scientist and Co-Founder, Code Intelligence
In this keynote, Khaled announced Code Intelligence's very own fuzzing platform, CI Fuzz. He covered all relevant aspects, such as setting up the fuzzer, instrumentation, and its compatibility with different infrastructures and languages. At the end of this talk, he even conducted some live tests to demonstrate the platform's incredible usability.
3. Fuzzing Challenges and Reflections
Marcel Böhme: Senior Lecturer, Monash University
Especially during his time as a senior researcher at the TSUNAMi Security Research Centre in Singapore, Marcel Böhme has been involved in many publications in the field of fuzzing. In his talk, he shared some of this experience as he discussed the urgent need for automated fuzzing and the opportunities this method offers.
4. The Human Component in Automated Bug Finding
Christian Holler: Staff Security Engineer, Mozilla
Christian Holler, who is also known as decoder, focused his talk on the cultural and human elements that affect the acceptance of fuzzing. He provided some helpful, actionable recommendations for improving mutual trust between security professionals and developers.
All recordings and slides from FuzzCon Europe 2020 are available for free on our event recap page.
FuzzCon Europe 2020 in Recap
What we found most fascinating about FuzzCon Europe 2020 was that application security experts from all walks of life came together to work towards the same goal: making software secure. Hopefully, this exchange will spark ideas and collaboration to bring us one step closer to this goal. We want to extend our gratitude to everyone who helped make this day so special. To our amazing speakers, our moderators, the numerous participants, and the whole Code Intelligence team: You guys absolutely crushed it!