April 28, 10:30-17:00, 2025 at Radboud University, Nijmegen
This workshop, currently in its third edition, is aimed at researchers and practioners from the Netherlands working on fuzzing or other automated - dynamic or static - techniques to find, fix or exploit security vulnerabilities in code. The goal is to create collaboration and synergy, so there is plenty of time for discussion and informal chats over coffee, lunch and drinks. People are also welcome to give short pitches to signal interests, problems, case studies or ideas to collaborate on.
The workshop is organised by the ACCSS working group on Software Security and the INTERSCT project, where it is of interest for research into quality assurance in WP2 and attacks in WP4. Some of the researchers involved also participate in the AVR (Automated Vulnerability Research) project of dcypher.
Information (incl. some slides) about previous editions of the workshop: 2023, 2024.
10:45 - 11:15 Seyed Benham Andarzian (RU), Email Smuggling with Differential Fuzzing of MIME Parsers [paper]
11:15 - 11:45 Michiel Brouwer (TNO), Integrating REST API Fuzzing into CI/CD Pipelines for Early Vulnerability Detection
11:45 - 12:15 Raphael Isemann (VU), Work-in-Progress: On Hashtables and Other Weird Fuzz Blockers
12:15 - 13:30 Lunch (on location)
13:30 - 14:00 Dyon Goos (VU), BaseBridge: Bridging the Gap between Over-The-Air and Emulation Testing for Cellular Baseband Firmware
14:00 - 14:30 Matteo Marini (Sapienza University Rome), QMSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing [paper]
14:30 - 14:45 Coffee
14:45 - 15:15 Floris Gorter (VU), RangeSanitizer: Detecting Memory Errors with Efficient Range Checks [paper]
15:15 - 15:45 Jorik van Nielen (UT), State-aware fuzzing for microcontroller firmware
15:45 - 16:15
Jos Craaijo (Open University),
libLISA: Instruction Discovery and Analysis on x86-64
[paper]
16:15 - 17:15 Drinks