Speaker:
Derek Dervishian
Lockheed Martin Corporation

Abstract:
This is a hybrid event. Students are encouraged to attend in person: STEW G52(Suite 050B)



The number of software vulnerabilities found in modern computing systems has been on the rise for some time now. As more and more software is being developed, software testing is increasingly becoming an important part of the software development cycle, with the goal of rooting out any and all vulnerabilities before public release. However, finding software vulnerabilities is not a trivial task, especially in complex software systems with thousands of lines of code and complicated system interactions. Just a single vulnerability making its way into a software product/service can have devastating consequences, if not discovered and patched in good time.

Luckily, there is a plethora of available software testing tools and techniques. One such software testing approach is called fuzzing. Fuzzing is an automated program testing technique introduced in the late-1980s, and has become a critical tool in a software tester's toolkit. Fuzzing is based on the simple idea of feeding software lots of mutated inputs and monitoring the program state for any anomalous behavior. Fuzzers have had a long and successful track record of finding software vulnerabilities. This success brought forth new and innovative approaches to improve the overall fuzzing process in all aspects. However, despite its success and widespread use, fuzzing is not a "one size fits all" approach. Software testers still have to tailor their fuzzing methodology to the software under test. Therefore, understanding the inner workings of fuzzers is absolutely vital in order to determine when and how to use them most effectively.

About: Derek Dervishian works as a cybersecurity research engineer at Lockheed Martin - Advanced Technology Laboratories, an advanced applied R&D division of the Lockheed Martin corporation, specializing in cyber, autonomy, data analytics and much more. In this role, Derek has worked on several R&D projects across multiple technical areas, including vulnerability research and binary analysis.

Derek graduated from Purdue University with a Bachelor's degree in Computer Engineering in December 2020. Derek is currently pursuing a Master's degree in Computer Science from the Georgia Institute of Technology.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics. More info