
CrowdStrike Incident: Detecting Out-of-Bounds Memory Access with Fuzz Testing

In our webinar you'll learn how fuzz testing detects critical C/C++ bugs.


About the webinar

The worldwide IT outage in July 2024 is the latest example of the severe consequences that out-of-bounds memory access vulnerabilities can have in C/C++ software. CrowdStrike reported that problematic content in Channel File 291 triggered an out-of-bounds memory read, leading to a Windows operating system crash (BSOD). In their Root Cause Analysis report, CrowdStrike specifically listed fuzz testing among the technologies they plan to implement to prevent similar incidents in the future.

Another critical example with the same root cause is the Heartbleed vulnerability, which affected the OpenSSL library and enabled attackers to steal highly sensitive information such as passwords and secret keys. The vulnerability remained undetected for over two years in this popular library. Remarkably, fuzz testing could identify this issue in less than 10 seconds.

Watch the webinar now to learn, with live demos, how you can leverage fuzz testing to detect out-of-bounds memory access bugs and similar vulnerabilities in C and C++ projects.


Inside, you'll discover:

  • How fuzz testing contributes to ISO 21434 compliance.
  • The specifics of cybersecurity validation and verification requirements.
  • How suppliers and OEMs comply with ISO.
  • The benefits of source code fuzz testing, aka white-box fuzzing.
 

Key topics and takeaways

  • What out-of-bounds memory access bugs are, and how they occur.
  • Why fuzzing uncovers memory corruption bugs that other testing technologies miss.
  • How to detect out-of-bounds memory access and other memory corruptions using fuzzing.

What will you learn?

  • Learn how you can effectively detect program crashes and security vulnerabilities in C/C++.
  • Stay up-to-date with new security testing technologies.
  • Get actionable advice on how to start using fuzz testing effectively in your development workflow.

Who should watch the webinar?

  • Security Engineers and Cybersecurity Enthusiasts focused on enhancing software security through advanced testing techniques.
  • Quality Assurance (QA) Managers who are responsible for the robustness and security of software applications.
  • Software Developers working with C/C++ who want to improve their ability to detect and fix vulnerabilities in their code.
  • Technical Managers and Team Leads who are looking to adopt or expand their team’s security practices and tools.

General information

Khaled Yakdan

Speaker

Co-Founder & Chief Scientist

Date 

September 19th, Thursday
 

Time

 15:00 CET / 9:00 EDT

Comply with ISO/SAE 21434

Ensure compliance with ISO 21434's validation and verification requirements using AI-guided fuzz testing by Code Intelligence. 

Watch the recording of the 'CrowdStrike Incident' webinar