Practical Web Browser Fuzzing

Waitlist

Practical Web Browser Fuzzing

⚠️ Warning ⚠️
This training is only available during physical events in security conferences or during private sessions for the moment. if interested, please use the contact form.

You can subscribe below to be informed once the online version will be available.

What you'll learn

Web Browsers are one of the most used and critical software in the world. Using millions of lines of code, they are in charge of handling, sanitizing, and interpreting all kinds of (untrusted) data coming from the web. To be honest, It’s just impossible for developers to write such complex pieces of software (involving compilers, interpreters, and parsing libraries) without introducing any bugs.

As shown in the last years, fuzz testing is by far the most efficient and scalable testing technique to find software bugs. In this training, we will apply fuzzing to find critical vulnerabilities in different web browser implementations.

First, this course will give you all the prerequisites to understand the architecture and major components of modern web browsers. Then, you will create and set up a testing environment allowing you to easily replay, debug, minimize and analyze existing issues, CVEs, and PoCs. Over dedicated modules, you will discover and fuzz the main browser components such as DOM, JS engines, JIT compilers, WebAssembly, and IPC. You will learn how to use famous tools (Domato, Dharma, Fuzzilli, Frida) and create your custom fuzzers to apply different fuzzing techniques (coverage-guided, grammar-based, in-process fuzzing) to find vulnerabilities/bugs.

A lot of hands-on exercises will allow you to internalize concepts and techniques taught in class. This course will mainly focus on Google Chrome, Firefox, and WebKit/JSC.

Abstract

Module 1: Introduction to Browser Fuzzing

Introduction to Fuzzing
Modern Browser Architecture & major Components
Setting up a Testing and Debugging environment
Compile and Explore famous browser codebases
Fuzzing Web Browsers Fundamentals
Improving your Fuzzing Workflow & Automation

Module 2: Fuzzing DOM & Rendering engines

Introduction to the Rendering engine
HTML/CSS/XML Parsing
Analysis of existing CVEs, Issues, and PoCs
Blink, Gecko & WebKit Fuzzing
DOM rendering & Implementation
Fuzzing DOM using Grammar-based Fuzzing

Module 3: Fuzzing JavaScript Engines & JIT Compilers

JavaScript Engine Internals & APIs
Memory management and Garbage collection
Analysis of existing CVEs, Issues, and PoCs
V8, Spidermonkey & JavaScriptCore Fuzzing
JIT compilers Internals
TurboFan and IonMonkey Fuzzing

Module 4: Fuzzing WebAssembly Compilers & APIs

Introduction to WebAssembly
VM Architecture & Implementation
Analysis of existing CVEs, Issues, and PoCs
Fuzzing WebAssembly JavaScript APIs
WebAssembly compilers internals
WebAssembly In-process Fuzzing

Module 5: Fuzzing IPC and other Components

Inter-Process Communication (IPC) Internals
Analysis of existing CVEs, Issues, and PoCs
Fuzzing Chrome Mojo/Legacy IPC
Discovery of other Components Implementation
Networking/Data Persistence APIs
Fuzzing Media and other Plugins

Meet Your Instructor

Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

You can read more about me by clicking here.

X Linked_in Youtube Website Mail

FREE Resources & Trainings

Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. 👇