Loading…
October 24 - 25, 2022 | Detroit, Michigan
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 - Detroit, MI + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Daylight Time (EDT), UTC -4. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Tuesday, October 25 • 4:15pm - 4:45pm
Getting More Confident with Your Security Helper Libraries Thanks to Go Fuzzing - Jeremy Matos, Grafana Labs

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Security helper libraries are often hard to unit test because they should make sure “bad” inputs are not considered valid, but how can we know we are not forgetting one kind of “bad” input? In cases where we don’t have an explicit definition of a good input, Go Fuzzing can be really helpful to gain confidence we are not missing some corner cases. Using a real-life example of a path traversal vulnerability in Grafana OSS, this talk will show how Go Fuzzing can be used to improve the test coverage of the corresponding security fix. Additionally, it will cover how this technique helped validate more complex security helpers and enabled us to detect some bypasses.
Speakers
avatar for Jeremy Matos

Jeremy Matos

Principal Security Engineer, Grafana Labs
Jeremy Matos is a Principal Security Engineer at Grafana Labs. Rather than breaking things, the former backend developer has shifted his main focus to helping produce secure enough software. He used to work at GitLab and has 15 years of experience in the software security industry... Read More →

Getting more confident thanks to Go Fuzzing pdf
Tuesday October 25, 2022 4:15pm - 4:45pm EDT
Room 330 AB Huntington Place: 1 Washington Blvd, Detroit, MI 48226
  Sessions, Track 1