"For Hacker and Developers"
Rust is a strongly typed and safe systems programming language developed by Mozilla. Over the year, it has become the language of choice to build memory-safe programs while maintaining high performance at scale. Usually, Rust is used for files format and protocols parsers but also on critical projects like in the new high-performance browser engine, Servo.
However, coding using memory-safe language doesn’t mean the code will be bugs-free. Different kind of vulnerability like overflows, DoS, UaF, OOB, etc. can still be found and sometime exploited to achieve remote code execution (RCE).
This goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using differents techniques.
Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class.
Introduction to Rust
Security concepts & Ownership
Error handling & Unwrapping
Attack surface discovery
Rust vulnerabilities & impacts
Uninitialized & Zeroing memory
Setup fuzzers easily (libfuzzer, afl, honggfuzz)
Debugging / Bugs analysis
Sanitizers (ASAN, MSAN, …)
We offer the world’s first WebAssembly Security training in 4 or 5 days format. We only provide 2 days Rust Security training. All our onsite trainings start at just 5 participants. Customization of the training is possible, but need to be request as soon as possible.
Check out the complete training content we can offer.