It's not just JavaScript making up your apps dependency tree, some modules make use of native bindings which bring with them all the security concerns of native code. Fuzzing, the process of creatively crafting input to find edge cases and generate unexpected behavior or crashes is a great way to find bugs in these native modules.

It can also be a giant time sink to learn how to get setup to perform effective fuzzing. This class will lead you through the process of understanding fuzzing basics all the way to reviewing the results of your fuzzing efforts.

What this class will cover

• Introduction to fuzzing
• Compiling node.js for fuzzing
• Choosing a fuzzer
• Compiling the target module for fuzzing
• Building a test harness & test cases
• Performance tuning your Node.js fuzzing
• Reviewing your fuzzing results
• Q&A Session

What you will take away

• Start to finish knowledge of how to fuzz native Node.js modules
• A recording of the presentation
• Presentation reference materials
• A quick start docker container with all you need to get started fuzzing native node.js modules

About the presenter

Jon Lamendola is an Application Security Consultant at ^Lift Security and a long time contributor to the Node Security Platform. Jon is an extremely passionate and meticulous attacker, this makes him great at seeking out creative ways of attacking systems and going deeper on the problem currently in front of him. Jon is also an effective communicator of complex ideas which makes him a particularly good fit for this topic.