STARWEST 2019 Concurrent Session : Fuzz Testing for Fun and Profit


Wednesday, October 2, 2019 - 11:30am to 12:30pm

Fuzz Testing for Fun and Profit

Add to calendar

A software test is no better than the data that drives it. Fuzz testing is a great way to find buggy, exploitable, or otherwise bad code – and if you’re working with a native application that operates on file input, it’s a solved problem. Grab AFL or some other all-in-one suite, hit go, and profit! But what about web services? What about managed applications? For a service-based developer, fuzz testing your HTTP serving layer isn’t all that interesting if you’re running on the latest version of Apache. Fuzz testing your application along its interface boundaries, though? Very interesting – and not a problem that can be solved with an all-in-one suite off the shelf. In this technical talk, Melissa will demonstrate not just about what fuzz testing is, but how to use it to test a service architecture at every level and interface. Using real-life examples and experience, she will demonstrate how easy it can be to integrate both mutation and generation fuzzing into an existing test strategy for services that operate at any scale – from micro to global. Every services developer should be able to feel confident not only that they’ve sanitized their inputs, but that they’ve been validated! 

Melissa Benua

In her career at companies from large to small, Melissa Benua has worked in nearly every software development role—engineer, test, DevOps, and program management. She's created and run high-availability, high-quality services at Boeing and Microsoft on products such as Bing, Cortana, and Xbox One. Melissa discovered her love of massively-scaled systems while working on the Bing backend, where she honed the art of keeping highly-available complex systems up while undergoing massive code churn. Now a senior engineer and manager at the disruptive gaming startup PlayFab, Melissa isn’t afraid to mix traditional approaches with bold new ideas to make her products better, faster, and more reliable. She’s passionate not only about maximizing efficiency both in her product code and in her developer tools but also about sharing best practices among colleagues and the tech world at large!