FuzzingLabs Academy/Go Security Audit and Fuzzing

  • $2,400

Go Security Audit and Fuzzing

    Learn which kind of security vulnerabilities/bugs can be found inside Go code, how to detect them statically and automatically using fuzzing techniques.
    🎞️ 90+ videos / ⏱️ 7.5+ hours / πŸ‘¨β€πŸ’» 25+ exercises

    What you'll learn?

    This course teaches you all the prerequisites to understand which kind of vulnerability can be found inside Go code. You will learn how to find low-hanging fruits bugs manually and automatically using different Go auditing tools. You will discover how to use existing Go fuzzing coverage-guided frameworks, triage/debug crashes, and improve your code coverage. Finally, you will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs on popular Go packages.

    Along with this training, students will deal with a lot of hands-on exercises allowing them to internalize concepts and techniques taught in class.

    Module 1 - Go Audit & Code Review

    • Introduction to Go and its Ecosystem
    • Security concepts
      • Memory safety,  Garbage collector
      • Error handling, Concurrency
    • Golang common vulnerabilities
      • Panicking function
      • Arithmetic errors
      • Out-of-bounds panics
      • SIGSEGV / Nil pointer dereference
      • Resource exhaustion / OOM, Stack overflow
    • Advanced vulnerabilities
      • Unsafe code
      • Data races, Race conditions, 
      • Memory Leak, Logic errors
      • Concurrency issues
      • Web App Vulnerabilities (SQLI, XSS, etc.)
    • Attack surface discovery & Auditing tools

    Module 2 - Go Fuzzing & Crash Analysis

    • Introduction to Fuzzing
    • Coverage-guided Fuzzing
      • go-fuzz, libfuzzer,  testing/fuzz
    • Fuzz testing workflow
      • Corpus/inputs collection, Code coverage
      • Corpus minimization
    • Crashes Analysis
      • Bucketing, Crashes minimization, Debugging, Root cause analysis
    • Generation-based fuzzing
      • Grammar-based & Structure-aware Fuzzing
    • Advanced testing techniques
      • Property-based testing, Concolic Testing
      • Differential fuzzing / Writing custom fuzzers

    What's included?

    πŸ”‘ Immediate access to all the content
    ⏱️ 7.5+ hours of curated and practical knowledge
    🎞️ 90+ easy-to-digest, on-demand videos
    πŸ‘¨β€πŸ’» 25+ hands-on exercises & labs
    ♾️ Lifetime access
    πŸ“– 300+ digital and printable slides
    πŸ“ Assignments to apply your new skills
    πŸ’― Certificate of completion

    Who should attend?

    This course is for anyone who's looking for a hands-on and pragmatic approach to audit and secure Go code such as:

    βœ” Software developers
    βœ” Security engineers
    βœ” Vulnerability researchers
    βœ” Pentesters & Red team professionals

    What's included in this bundle?

    Go Audit and Code Review

    Discover which kind of security bugs can be found inside Go code and how to detect them statically.
    🎞️ 43 videos / ⏱️ 3.5 hours / πŸ“– 150 slides

    Go Fuzzing and Crash Analysis

    Learn how to use Go fuzzers, develop harnesses and apply different fuzzing techniques to find bugs.
    🎞️ 49 videos / ⏱️ 4 hours / πŸ“– 150 slides

    Go Security Virtual Machine

    This virtual machine is an Ubuntu based VM (Xubuntu) with everything installed for the Go Security Audit and Fuzzing training.

    What Students are Saying...

    Anonymous

    Really complete training if you're starting to write and audit Go code. I've already applied and used the fuzzing tools and techniques against Blockchain code and I directly found multiple bugs! Thanks Patrick!

    Thomas.H

    The course contains a lot of information to be completely processed but it's well built and very practical! My favorite part was about fuzzing!

    Anonymous

    I was impressed with the quality of Go training on many levels. The slides exceeded my expectations and the videos really motivated me to finish the course entirely!  Of course, It costs a certain budget but it's definitely worth the investment.

    Anonymous

    Great course, not just showing how to use some fuzzing tools... it goes into detail showing the process and workflow required to fuzz a target.

    • $2,400

    Go Security Audit and Fuzzing

      Learn which kind of security vulnerabilities/bugs can be found inside Go code, how to detect them statically and automatically using fuzzing techniques. 🎞️ 90 videos / ⏱️ 7.5 hours / πŸ‘¨β€πŸ’» 25+ exercises

      Meet Your Instructor

      Hey! πŸ‘‹ My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

      Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

      You can read more about me by clicking here.

      FREE Resources & Trainings

      Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. πŸ‘‡

      You're signing up to receive emails from FuzzingLabs Academy