Fuzzing is a dynamic security testing method that has been a hot topic lately. In theory, it lets you automate vulnerability finding: you set it up once and then run it continuously to find weak spots in your code. In reality it is a bit more complicated, especially when fuzzing is applied to embedded development. How do you make sure your fuzzing tests have sufficient coverage of your code? How do you ensure continuous fuzzing? A solution to these challenges requires not only expertise but also the right tooling to ensure productive collaboration between developers and security experts.
In June we started a series of blog posts written by Arjen Rouvoet, Senior Software Developer at Riscure. He talks about the general approach to building an effective fuzzing workflow, and also shows how this approach can be implemented with Riscure True Code, a code checking tool with embedded fuzzing capability. Two articles have been published already:
Click here for part one: Real-time code coverage during a fuzzing test
Click here for part two: The challenges of Continuous Fuzzing
And stay tuned for a more in-depth look at fuzzing and other capabilities of True Code in the coming weeks!