Internet of vulnerable things
Today more and more smart devices integrate into our lives. Every day these devices gather tons of personal information that is further processed and stored in the cloud. But how one can be sure that these devices don't have vulnerabilities and that our data is properly protected?
Let's follow the trends and talk about security of Internet of things.
What will be discussed:
- IoT-specific vulnerabilities
- what is the difference between IoT security and common security testing?
- what to start from and where to practice?
Fuzzing - leave hackers with nothing!
Consider an integer in a program that stores the result of a user's choice between 3 questions. When the user picks one, the choice will be 0, 1 or 2, which makes three practical cases. But what if we transmit 3 or 255? If the default switch case hasn't been implemented securely, the program may crash and lead to classical security issues: exploitable buffer overflow, DoS etc.
Fuzzing is the art of automatic vulnerabilities finding providing malformed or semi-malformed data to the input of the program.
In the training I will explain how to apply this technique on practice, what preparations are required before start and show frameworks that help to automate this process.