Talk

Fuzzing and Mozilla: 2015

By Gary Kwong (gkw)

This presentation describes where fuzzing sits in a Mozilla development workflow in 2015. It will mention how you can leverage it in your workflow to make development more efficient, and will not cover fuzzing itself in detail.

  1. Home
  2. Events
  3. Topics

Details

Date & Time
Day 2 (25th June) 15:35 - 16:05
Location
Training Theatre
Category
Security
Language
English (with Mixed English, Chinese, Japanese Slides)
Target Audience
Developers, IT Managers
Requirement
Be able to understand fuzzing (random black box testing)
Advanced
The Mozilla Gecko platform has many moving parts. With the move into Firefox OS, there are increasingly more areas which need testing to ensure good quality and safety of the users. In this presentation, Senior Security Engineer Gary Kwong will describe how fuzzing can be leveraged in the Mozilla development workflow. Gary will talk about fuzzing tools, suggested automation building blocks and ways to start deploying fuzzing quickly. A case study on the success of the fuzzing team working together with the JavaScript team will be described. Furthermore, he will also cover the potential pitfalls of this approach and conditions under which fuzzing can be most effective.

Gary Kwong gkw

Origin
Hong Kong
Residence
Mountain View, CA, United States
Community
Mozilla
Company
Mozilla Corporation

Biography

Gary Kwong is a long-time member of the Mozilla community, and currently a senior security engineer at Mozilla Corporation. He specialises in running JavaScript fuzzers that rigorously test SpiderMonkey - the JavaScript engine of the Gecko platform on which Mozilla Firefox is based. Gary is passionate about languages and breaking things in general.