Ariel Zelivansky
@zelivans

I am the head of security research at Twistlock. I do security with a special affection for the Ruby language.

Fuzzing native Ruby code with Kisaten

Fuzzing is a common technique used to discover bugs and vulnerabilities in code. In order to fuzz native Ruby code, I've built Kisaten, a Ruby extension for MRI that uses the magic of one of the best fuzzers of the time, american fuzzy lop. With Kisaten I found bugs in the Ruby standard library (in rdoc and rexml) and in popular gems like mail, asciidoctor and rubyzip. And there is still much more to fuzz!

I plan to walk through its development process from a Rubyist point of view, and present how it can be used so you can fuzz your own code.