Rust Audit and Code Review

Discover which kinds of security bugs can be found inside Rust code and how to detect them statically.
🎞️ 42 videos / ⏱️ 5 hours / 📖 160 slides

What you'll learn?

In this course, you will focus on learning Rust code audit and vulnerability research. First, you will discover which security mechanisms are enforced by default in Rust, which vulnerabilities are the most common, and how to detect them. Then, you will have the opportunity to analyze unsafe code and apply much of the theory in practice through small real-life hands-on assignments that highlight aspects of auditing Rust code.

  • Introduction to Rust and its Ecosystem
  • Security concepts
    • Ownership, Borrowing and Lifetime
  • Rust most common vulnerabilities
    • Error handling & Unwrapping, Panicking macros, Arithmetic errors
    • Index out of bound, Stack overflow, resource exhaustion (OOM)
  • Unsafe codes
    • Tooling and Sanitizers (ASAN, MSAN, etc.)
    • Out of bound access (OOB), Use-after-free (UAF), Double free, Memory leak, Data Races and Race Conditions
  • Rust advanced vulnerabilities
    • Logic bugs, FFI, Cryptographic issues, Uninitialized & Zeroing memory
  • Attack surface discovery & Auditing tools

Assignments


Assignment #1 - Rust introduction and security concepts
  • Get a quick introduction to Rust language and its ecosystem.
  • Compile and execute Rust code examples.
  • Discover how Rust's security mechanisms work.
Assignment #2 - Detect most common Rust vulnerabilities
  • Identify multiple vulnerabilities and their impacts.
  • Reproduce bugs and learn how to detect them in the future.
  • Evaluate security of real-life crate packages using code review.
Assignment #3 - Auditing unsafe code
  • Understand why unsafe code exists and when it can be dangerous.
  • Detect unsafe memory issues using sanitizing tools.
  • Analyze real-world usage of unsafe code.
Assignment #4 - Real-World: Audit popular Rust packages
  • Choose targets to audit from popular libraries.
  • Identify interesting code patterns.
  • Share hypothesis and findings.

  • $2,400

Rust Security Audit and Fuzzing

  • 3 Products

This course is available inside the Rust Security Audit and Fuzzing bundle.

Learn which kinds of security vulnerabilities/bugs can be found inside Rust code and how to detect them statically and automatically using fuzzing techniques.
🎞️ 84 videos / ⏱️ 9.5 hours / 👨‍💻 25+ exercises

What's included?

Welcome & Summary

Welcome & Overview
Summary

Materials

Day1_Rust_Security_audit_and_code_review_v1_4.pdf
rust_training_day_1.zip
Day1_Rust_Security_Audit_And_Code_Review_v1_7.pdf

1. Introduction to Rust

1.1 - What’s Rust?
1.2 - Rust basics 101
1.3 - Learning Rust
1.4 - Codes examples

2. Rust ecosystem

2.0 - Rust ecosystem
2.1 - Rust toolchains
2.2 - Compilation
2.3 - Development tools
2.4 - Development IDEs

3. Security concepts

3.0 - Security concepts
3.1 - Ownership
3.2 - Borrowing
3.3 - Lifetimes

4. Rust common vulnerabilities

4.0 - Rust vulnerabilities
4.1 - Error handling & Unwrapping
4.2 - Panicking macros
4.3 - Arithmetic errors
4.4 - UTF-8 strings handling
4.5 - Index out of bounds
4.6 - Stack overflow
4.7 - Resource exhaustion / OOM
4.8 - Exercise #1 - Description
4.9 - Exercise #1 - Solution
4.10 - Exercise #2 - Description
4.11 - Exercise #2 - Solution

5. Unsafe codes

5.0 - What is unsafe code
5.1 - Tooling for detection
5.2 - Out of bounds access
5.3 - Use After Free
5.4 - Double free
5.5 - Memory Leak
5.6 - Uninitialized Memory
5.7 - Data Races and Race Conditions
5.8 - Exercise #1 - Description
5.9 - Exercise #1 - Correction
5.10 - Exercise #2 - Description
5.11 - Exercise #2 - Correction

6. Rust advanced vulnerabilities

6.0 - Rust advanced vulnerabilities
6.1 - Cryptographic attacks/vulnerabilities

7. Auditing tools and code review

7.0 - Attack surface discovery
7.1 - Auditing tools
7.2 - Rust code review
7.3 - Exercises
7.4 - Closing remarks

Meet Your Instructor

Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.
