FuzzingLabs Academy/Introduction to JavaScript Fuzzing

  • Free

Introduction to JavaScript Fuzzing

    Learn how to fuzz JavaScript code using jsfuzz.
    📦 Source code, 📝 Cheatsheet,  ğŸŽžï¸ Video

    Fuzzing JavaScript npm/nodejs/code (omggif) using jsfuzz

    In this course, I will fuzz a JavaScript npm/ nodejs library (omggif) in order to find uncaught JavaScript exceptions. I will explain how to create a fuzzing harness for this target, run the fuzzer (jsfuzz), handle expected exceptions, analyze a crash and create a minimal crashing reproducer.

    Finding bugs in TypeScript code (chrono-node) using jsfuzz

     Today, I will use jsfuzz to find unhandled exceptions inside a famous TypeScript library (chrono-node). This library is a perfect kind of target for fuzzing since it's parsing data and the APIs are simple. I will first explain which API we will fuzz, then how to create a fuzzing harness, trigger some bugs and finally show you how to easily debug the crashes.

    What's included?

    Fuzzing JavaScript npm/nodejs/code (omggif) using jsfuzz

    Video: Complete step-by-step tutorial
      fuzzing_javascript_jsfuzz.zip
      • 16.6 KB
      Cheatsheet : All the commands for the tutorial
      • 4.46 KB

      Finding bugs in TypeScript code (chrono-node) using jsfuzz

      Video: Complete step-by-step tutorial
        fuzzing_typescript_jsfuzz.zip
        • 917 KB
        Cheatsheet_fuzzing_typescript_npm_nodejs_code_jsfuzz.md
        • 5.32 KB

        Meet Your Instructor

        Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

        Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

        You can read more about me by clicking here.

        FREE Resources & Trainings

        Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. 👇

        You're signing up to receive emails from FuzzingLabs Academy