How You Can Find the Log4j Vulnerability in Less Than 10 Minutes
While most developers rely on unit testing to test whether their application behaves as expected, complementary testing approaches such as automated fuzz testing can enable them to also check their applications for unexpected or strange behaviors that could lead to crashes and make them vulnerable to Denial of Service (Dos) attacks or Zero-Day exploits, or Remote Code Execution (RCE) attacks such as the recent Log4j vulnerability.
This awesome testing approach is currently gaining a lot of popularity in the open-source community, as it allows developers to execute applications with millions of random, invalid or unusual inputs, which finds bugs that are hard to detect with other testing approaches.
In this live stream, I will demonstrate how automated fuzz testing can quickly and simply identify the Log4j vulnerability with CI Fuzz CLI, an easy-to-use fuzzing tool that enables you to integrate and run fuzz tests directly from your command line or your favorite IDE.
All code examples and tools used are 100% open-source.
# Initialize fuzzing
$ cifuzz init
# Create your first fuzz test
$ cifuzz create my_fuzz_test
# Run fuzz test and find bugs
$ cifuzz run my_fuzz_test