CrowdStrike Incident: Detecting Out-of-Bounds Memory Access with Fuzz Testing

About this webinar:

Join the webinar for an in-depth live demo of how you can use fuzz testing to detect out-of-bounds memory access bugs and similar vulnerabilities in C and C++ projects.

The worldwide IT outage in July 2024 is the latest example of the severe consequences that out-of-bounds memory access vulnerabilities can have in C/C++ software. CrowdStrike reported that problematic content in Channel File 291 triggered an out-of-bounds memory read, leading to a Windows operating system crash (BSOD). In their Root Cause Analysis report, CrowdStrike specifically added fuzz testing to the technologies they plan to implement to prevent similar incidents in the future.

Another critical example with the same root cause is the Heartbleed vulnerability, which affected the OpenSSL library and enabled attackers to steal highly sensitive information such as passwords and secret keys. The vulnerability remained undetected for over two years in this popular library. Remarkably, fuzz testing could identify this issue in less than 10 seconds.

Key Learnings:

  • What out-of-bounds memory access bugs are, and how they occur
  • Why fuzzing uncovers memory corruption bugs that other testing technologies miss
  • How to detect out-of-bounds memory access and other memory corruptions using fuzzing

Why attend:

  • Learn how you can effectively detect program crashes and security vulnerabilities in C/C++
  • Stay up-to-date with new security testing technologies
  • Get actionable advice on how to start using fuzz testing effectively in your development workflow

Who should attend:

  • Security Engineers and Cybersecurity Enthusiasts focused on enhancing software security through advanced testing techniques.
  • Quality Assurance (QA) Managers who are responsible for the robustness and security of software applications.
  • Software Developers working with C/C++ who want to improve their ability to detect and fix vulnerabilities in their code.
  • Technical Managers and Team Leads who are looking to adopt or expand their team’s security practices and tools.