STARWEST 2019 Concurrent Session : Fuzz Testing for Fun and Profit


Wednesday, October 2, 2019 - 11:30am to 12:30pm

Fuzz Testing for Fun and Profit

Add to calendar

A software test is no better than the data that drives it. Fuzz testing is a great way to find buggy, exploitable, or otherwise bad code – and if you’re working with a native application that operates on file input, it’s a solved problem. Grab AFL or some other all-in-one suite, hit go, and profit! But what about web services? What about managed applications? For a service-based developer, fuzz testing your HTTP serving layer isn’t all that interesting if you’re running on the latest version of Apache. Fuzz testing your application along its interface boundaries, though? Very interesting – and not a problem that can be solved with an all-in-one suite off the shelf. In this technical talk, Melissa will demonstrate not just about what fuzz testing is, but how to use it to test a service architecture at every level and interface. Using real-life examples and experience, she will demonstrate how easy it can be to integrate both mutation and generation fuzzing into an existing test strategy for services that operate at any scale – from micro to global. Every services developer should be able to feel confident not only that they’ve sanitized their inputs, but that they’ve been validated! 

Melissa Benua

Melissa Benua has worked in nearly every software development role—dev, test, DevOps, and program management—at companies big and small and somewhere in between. She's created and run high-availability, high-quality services for PlayFab, Bing, Cortana, and Xbox One, and now for mParticle's enormous data platform. Melissa discovered her love of massively scaled systems while growing the Bing back end, where she honed the art of keeping highly available, complex systems up while undergoing significant code churn. Now an engineering manager with mParticle, she’s passionate about not only maximizing efficiency in her product code and in her developer tools, but also sharing best practices among colleagues and with the tech world at large.