Attacking Java for fun and profit. Or a quick view on useful Fuzzing approaches
Fuzzing – old know security testing method. It’s not only a part of SDLC, but also a really cool approach of enhancing BugBounty results. But how to use fuzzing for BugBounties? The answer is simple – you should always remember that “3 Billion Devices Run Java”!
Vladimir Dashchenko is a security expert at Kaspersky ICS CERT. Previously he used to work as a vulnerability research team leader and as a threat intelligence team leader. He started his career as a security engineer at the Russian Federal Space Agency. He is also a proud member of the BEER-ISAC and RUSCADASEC communities. Vladimir is also a regular speaker at various security conferences, such as SAS, CS3STHLM, Zeronights, OffZone, Positive Hack Days, Bsides etc..
Java is extremely popular and powerful technology for multiple solutions – banking solutions, IoT, Industrial, average software, automotive and many many more! This talk is about customizing fuzzing tools and approaches to attack Java applications. During our talk we will discuss technical details and tools that you can use and we will do a deep-dive into several recently disclosed vulnerabilities in Java-based solution (CVE-2022-23437 and CVE-2021-41561).
This will be useful for several group of attendees: bug hunters, penetration testers, product security teams or software developers.