Fuzz Stati0n Wins International Tech Trailblazer Competition for “Firestarter of the Year”
By Ashley Robello
Employee #1, Fuzz Stati0n
March 2, 2017 — Santa Cruz, CA
(Photo above: Fuzz Stati0n’s David Moore, Ashley Robello, and Joseph Carlos at February’s Santa Cruz New Tech Meet Up. Credit: Dan Coyro, Santa Cruz Sentinel)
[Editor’s note: For more background, read: Fuzz Stati0n named Tech Trailblazer finalist, 1/26/17.]
Firestarter of the Year!
Fuzz Stati0n is honored to announce that we have won the international Tech Trailblazer competition for Firestarter of the Year!
The UK-based Tech Trailblazer Firestarter Award was designed explicitly to recognize innovative B2B startups that are bootstrapped and less than two years old. Finalists were chosen by a panel of industry experts, and winners chosen by public votes.
“We’re excited and honored to win this prestigious award. It validates our groundbreaking approach to improving software security. A very special thank you to our Santa Cruz community for the votes!” said Fuzz Stati0n Founder/CEO David Moore.
What the fuzz?
Fuzz testing – or fuzzing for short – is a dynamic technique that bombards a target application with random “garbage” input to force the execution of unanticipated paths, leading to potentially exploitable crashes. Fuzz Stati0n’s groundbreaking Continuous Fuzzing solution offers both developers (builders) and penetration testers (breakers) a more efficient and effective solution to security testing. Writing secure and reliable code in C/C++ is impossible when memory must be explicitly managed by hand. This method allows pre-release and regression fuzzing to be completed in hours, not days, and ships more secure code faster. Fuzz Stati0n’s Continuous Fuzzing reduces vulnerabilities for our customers, as well as tedious individual security updates, resulting in safer software worldwide.
For an in depth review of memory bugs, and a step by step introduction to the work flow developed by our David Moore, check out his speech “The Aftermath of a Fuzz Run” here:
While fuzz testing for errors and security holes has been used by hackers at a basic level in the past, our key innovation is combining the ground breaking, open source fuzzer American Fuzzy Lop (AFL for short) with cloud computing to create the Continuous Fuzzing industry. In other words, Fuzz Stati0n’s technology runs AFL at scale in the cloud, enabling fuzz runs to be completed in minutes, not days, freeing up our customers from the hassle and costs of maintaining their own fuzzing infrastructure. Continuous Fuzzing clusters many AWS EC2 instances to run AFL at scale.
Here’s how it works:
- We provide an AWS instance to the user.
- The user uploads an instrumented binary of the target application which they have compiled with AFL’s version of gcc or clang.
- We dry run AFL to make sure everything is in order.
- Then we spin up a fleet of cloud instances and start fuzzing. Our technology handles the coordination of the fuzz runs across the entire cluster.
- When the fuzz run is finished we consolidate the results and deliver them to the user. The corpus of crashing cases is minimized, as is each individual crashing file, simplifying crash triage for the user. We also provide a coverage report showing what parts of the program were executed during the run.
David and Goliath
Our newly forged market was validated last September when Microsoft has announced their Project Springfield, directly competing with our Continuous Fuzzing offering. The remainder of our competition is homegrown – builders and breakers are building (and maintaining) their own fuzzing infrastructure.
We are thrilled to bring this cutting-edge industry to Santa Cruz and have just launched a private beta with the help of some fantastic local companies. If you are interested in joining our second round of beta, then please contact us directly at firstname.lastname@example.org. We’d love to hear from you!