This training empowers you to harness the power of fuzzing, an automated technique that uncovers hidden vulnerabilities in software. Manual testing for these weaknesses in complex codebases is a struggle. Fuzzing automates this process, feeding your software unexpected inputs to expose cracks in its armor. By integrating fuzzing into your Secure Development Lifecycle (SDLC), you can proactively identify and fix vulnerabilities early, saving time and resources down the line. This training equips you with the knowledge to not only understand fuzzing fundamentals but also apply them across various platforms like Linux and Windows. You'll gain expertise in triage analysis, allowing you to prioritize and effectively address the vulnerabilities identified through fuzzing. Through hands-on labs, you'll gain real-world experience with the "Crash, Detect & Triage" process, solidifying your fuzzing mastery. This training is designed for security professionals and developers who want to take a proactive approach to software security.
To successfully participate in this course, attendees should possess the following:
Working knowledge of cybersecurity and pen testing fundamentals
Working knowledge of Fuzzing concepts and Corpus generation is recommended, but not required
Basic Windows & Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language
Basic Windows/Linux binary assembly knowledge is recommended, but not required
Efficient fuzzing techniques
Exploring various vulnerability classes
Essential basics and mechanics of fuzzing
Designing custom grammars for fuzzing
Establishing persistence in intricate programs
Leveraging QEMU for binary-centric fuzzing
ARM architecture introduction and ARM binary fuzzing
Initiating fuzzing for Windows binaries
Numerous practical exercises with real-world software
CTC - Capturing crashes in custom applications
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.