17 Nov 2020
Sam Kerr walks through fuzz testing group's areas of focus for GitLab's 13.7 release.
Product direction page - https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
Product direction page - https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
- 1 participant
- 7 minutes
3 Nov 2020
A technical brainstorm on how to create the API Fuzzing Configuration screens.
Related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/239088
Related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/239088
- 5 participants
- 58 minutes
16 Oct 2020
Sam Kerr discusses the upcoming Fuzz Testing capabilities GitLab is focusing on with 13.6.
Planning board Sam reviewed is at https://gitlab.com/groups/gitlab-org/-/boards/1655608?&label_name[]=group%3A%3Afuzz%20testing
Fuzz Testing Direction page is at https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
Planning board Sam reviewed is at https://gitlab.com/groups/gitlab-org/-/boards/1655608?&label_name[]=group%3A%3Afuzz%20testing
Fuzz Testing Direction page is at https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
- 1 participant
- 9 minutes
13 Oct 2020
Fuzz testing
Associated presentation: https://docs.google.com/presentation/d/1YSOvlS-0wmxtdsEky5m3PijslFOLRUzppFJvQhMaFMo/edit#slide=id.ga0dc1640fd_0_1959
Associated presentation: https://docs.google.com/presentation/d/1YSOvlS-0wmxtdsEky5m3PijslFOLRUzppFJvQhMaFMo/edit#slide=id.ga0dc1640fd_0_1959
- 2 participants
- 22 minutes
24 Sep 2020
Sam Kerr discusses the upcoming plans for GitLab's Fuzz Testing group & the 13.2 release.
Fuzz Testing Direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
13.2 Planning Board: https://gitlab.com/groups/gitlab-org/-/boards/1655608?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=group%3A%3Afuzz%20testing&label_name[]=direction&milestone_title=13.2
Fuzz Testing Direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
13.2 Planning Board: https://gitlab.com/groups/gitlab-org/-/boards/1655608?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=group%3A%3Afuzz%20testing&label_name[]=direction&milestone_title=13.2
- 1 participant
- 7 minutes
23 Sep 2020
An initial technical walk through of Fuzzit and discussing how this could integrate with GitLab.
- 4 participants
- 1:22 hours
9 Sep 2020
GitLab 13.4 releases API fuzz testing! This technique can find bugs and security vulnerabilities in your APIs that other approaches may miss.
- 1 participant
- 7 minutes
10 Aug 2020
GitLab is releasing coverage-guided fuzz testing as part of 13.3! Principal PM Sam Kerr walks through what it is and how you can use it in GitLab.
Additional information about our fuzz testing:
* Fuzzing 101 video playlist - https://www.youtube.com/playlist?list=PL05JrBw4t0KoYzW1CR-g1rMc9Xgmnhjfe
* Product documentation - https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
* Product direction page - https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
Additional information about our fuzz testing:
* Fuzzing 101 video playlist - https://www.youtube.com/playlist?list=PL05JrBw4t0KoYzW1CR-g1rMc9Xgmnhjfe
* Product documentation - https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
* Product direction page - https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
- 1 participant
- 4 minutes
4 Aug 2020
Principal PM Sam Kerr walks you through how to add fuzz testing to a basic Go application!
Fuzzing documentation: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
Fuzz testing direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
Fuzzing documentation: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
Fuzz testing direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
- 1 participant
- 10 minutes
4 Aug 2020
GitLab Principal PM, Sam Kerr walks through an overview of what a corpus is, how it relates to coverage-guided fuzz testing, and why you might use it.
If you've not seen the high-level overview of coverage-guided fuzz testing yet, check it out at: https://www.youtube.com/watch?v=K3sX_dwyvqQ&list=PL05JrBw4t0KoYzW1CR-g1rMc9Xgmnhjfe&index=2&t=0s
Fuzz testing documentation: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
Fuzz testing direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
If you've not seen the high-level overview of coverage-guided fuzz testing yet, check it out at: https://www.youtube.com/watch?v=K3sX_dwyvqQ&list=PL05JrBw4t0KoYzW1CR-g1rMc9Xgmnhjfe&index=2&t=0s
Fuzz testing documentation: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
Fuzz testing direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
- 1 participant
- 5 minutes
31 Jul 2020
Fuzzing documentation: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#coverage-guided-fuzz-testing-ultimate
Fuzz testing direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
Fuzz testing direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
- 1 participant
- 7 minutes
28 Jul 2020
This is a BrownBag Session (https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/33) about creating a snapshot-based, feedback-guided fuzzer that uses perf events for feedback. Project with example code: https://gitlab.com/gitlab-org/vulnerability-research/kb/presentations/creating_a_snapshot_feedback_guided_fuzzer
- 2 participants
- 57 minutes
21 Jul 2020
This BrownBag session discusses problems and solutions for deriving fuzzing harnesses from existing unit tests.
BrownBag issue: https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/28
BrownBag issue: https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/28
- 2 participants
- 33 minutes
14 Jul 2020
Sam Kerr discusses the fuzz testing groups upcoming plans for the 13.3 GitLab release.
- 1 participant
- 8 minutes
29 Jun 2020
This is a BrownBag session (https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/29) on setting up fuzzing on gitlab-runner and the .gitlab-ci.yml parser found in GitLab
- 4 participants
- 44 minutes
26 Jun 2020
A discussion of how to integrate the Peach API fuzzing engine into the GitLab architecture within the six months.
- 3 participants
- 1:21 hours
25 Jun 2020
This is a recording of a discussion about the structure and architecture of the fuzzing report schema used in GitLab.
- 4 participants
- 40 minutes
11 Jun 2020
Tune in to learn about an exciting update to the GitLab Secure Direction and our newest Fuzz Testing solutions!
Press Release: https://www.globenewswire.com/news-release/2020/06/11/2046908/0/en/GitLab-Acquires-Peach-Tech-and-Fuzzit-to-Expand-its-DevSecOps-Offering.html
Learn more about our plans on our fuzz testing direction page at https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing
Give us feedback on our feedback issue at https://gitlab.com/gitlab-org/gitlab/-/issues/221137
Press Release: https://www.globenewswire.com/news-release/2020/06/11/2046908/0/en/GitLab-Acquires-Peach-Tech-and-Fuzzit-to-Expand-its-DevSecOps-Offering.html
Learn more about our plans on our fuzz testing direction page at https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing
Give us feedback on our feedback issue at https://gitlab.com/gitlab-org/gitlab/-/issues/221137
- 2 participants
- 8 minutes