New regulations (Cyber Resilience Act, CRA) and the expanded product liability directive require manufacturers of all products with a communication interface to conduct regular security tests to identify security vulnerabilities, not only in their own program code, but also in third-party components, including open source software. The gold standard for security testing is fuzzing, but it poses major hurdles for typical testers and developers. The new regulation will mean that many of these developers and testers will be confronted with security testing for the first time.

This course provides the practical knowledge needed to successfully apply fuzzing for security testing. It introduces the basics of security testing with various testing methods in general and with fuzzing.

Building on this, participants learn about various fuzzing approaches and techniques in theory. Each approach is applied in practical exercises using specific fuzzing tools. Building on this, related methods and tools, such as vulnerability detection, termination conditions, and combination with other testing methods, are presented and tested experimentally.

In a 3-hour online module, knowledge is refreshed and deepened in practical exercises on new problems.