We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
A Journey Into Fuzzing WebAssembly Virtual Machines
Explore the challenges and techniques of fuzzing WebAssembly virtual machines, including adapting to multiple frameworks, and discover vulnerabilities in targets like Rust, Go, and JavaScript.
- Fuzzing WebAssembly virtual machines is challenging due to its complexity and various implementations.
- The speaker’s journey into fuzzing WebAssembly VMs led to the discovery of bugs and vulnerabilities in various targets, including Rust, Go, Python, and JavaScript.
- The main challenges are adapting to multiple fuzzing frameworks, guided fuzzing, and in-process fuzzing.
- The speaker used DDoS, Structure-aware fuzzing, and Differential fuzzing techniques to find bugs.
- WebAssembly has a unique text format and binary format, which makes it different from traditional fuzzing.
- The speaker targeted various WebAssembly runtime implementations, including Wasmer, wasm-time, and wasm-parcel.
- In-process fuzzing is a feasible and efficient approach for fuzzing WebAssembly VMs.
- The speaker used Rust as the primary language for fuzzing and found bugs in various targets, including WebEats.
- The speaker also attempted to fuzz other targets, including Go, Python, and JavaScript, but with less success.
- The speaker believes that fuzzing WebAssembly VMs can help improve the security and reliability of WebAssembly-based systems.
- The talk provides a comprehensive overview of the challenges and techniques involved in fuzzing WebAssembly VMs.