Practical Web Browser Fuzzing

Discover how to uncover browser vulnerabilities and automate bug discovery effortlessly!

This hands-on training focuses on advanced techniques in web browser fuzzing, equipping you with the skills to detect browser-specific vulnerabilities, automate testing workflows, and analyze crash reports effectively. Learn to harness cutting-edge fuzzing tools and methodologies to stay at the forefront of browser security research.

⏳ 32 hours | 🧑‍🎓 100+ students | 🔄 Last updated: 15/01/2025

Private Session
E-LEARNING

What you will learn

Mastering Practical Web Browser Fuzzing Techniques

Participants will learn advanced fuzzing methods specifically tailored for web browsers, equipping them with the tools to uncover security vulnerabilities in browser environments. Hands-on exercises ensure practical expertise for real-world application.

Conducting Security Audits for Browsers

The course dives into auditing techniques for browser security, enabling learners to identify, analyze, and mitigate potential threats. This includes an understanding of browser-specific vulnerabilities and their exploitation.

Building and Customizing Fuzzing Tools

Participants will gain the skills to design and adapt fuzzing tools for unique browser testing scenarios. The focus is on developing custom workflows that meet specific testing and security needs.

What’s included ?

👨‍🏫 Expert instructor-led sessions with live explanations
👨‍💻 25+ hands-on exercises & labs
♾️ Lifetime access to the ressources
📖 280+ digital and printable slides
📝 Assignments to apply your new skills
💯 Certificate of completion

Perfect for…

This course is for anyone who’s looking for a hands-on and pragmatic approach to audit and secure Rust code such as:

✔ Security engineers
✔ Vulnerability researchers
✔ Pentesters & Red team professionals

Pricing

Individual/
Self-Paced

$4 400
  • E-Learning
Let's talk
BEST VALUE

Teams
On Demand

Starting at
 $4 200
 per participant
  • E-Learning
Let's talk

Private Training

Starting at
 $20 000
  • Instructor led
  • In Person or Live Online
Let's talk

Your instructors

patrick ventuzelo webassembly security rust fuzzing

Patrick
Ventuzelo

Patrick, CEO & Founder of FuzzingLabs, has 7 years of experience training on Rust and Go, applied to fuzzing and reverse engineering.

Tanguy
Duhamel

Tanguy, lead developer, specializes in distributed fuzzing techniques and code auditing, leveraging Rust for high-performance tools.

Trainings at Upcoming Events and Conferences

Past Public Trainings

Content

Module 1: Introduction to Browser Fuzzing
  • Introduction to Fuzzing
  • Modern Browser Architecture & major Components
  • Setting up a Testing and Debugging environment
  • Compile and Explore famous browser codebases
  • Fuzzing Web Browsers Fundamentals
  • Improving your Fuzzing Workflow & Automation
Module 2: Fuzzing DOM & Rendering engines
  • Introduction to the Rendering engine
  • HTML/CSS/XML Parsing
  • Analysis of existing CVEs, Issues, and PoCs
  • Blink, Gecko & WebKit Fuzzing
  • DOM rendering & Implementation
  • Fuzzing DOM using Grammar-based Fuzzing
Module 3: Fuzzing JavaScript Engines & JIT Compilers
  • JavaScript Engine Internals & APIs
  • Memory management and Garbage collection
  • Analysis of existing CVEs, Issues, and PoCs
  • V8, Spidermonkey & JavaScriptCore Fuzzing
  • JIT compilers Internals
  • TurboFan and IonMonkey Fuzzing
Module 4: Fuzzing WebAssembly Compilers & APIs
  • Introduction to WebAssembly
  • VM Architecture & Implementation
  • Analysis of existing CVEs, Issues, and PoCs
  • Fuzzing WebAssembly JavaScript APIs
  • WebAssembly compilers internals
  • WebAssembly In-process Fuzzing
Module 5: Fuzzing IPC and other Components
  • Inter-Process Communication (IPC) Internals
  • Analysis of existing CVEs, Issues, and PoCs
  • Fuzzing Chrome Mojo/Legacy IPC
  • Discovery of other Components Implementation
  • Networking/Data Persistence APIs
  • Fuzzing Media and other Plugins

Prerequisite

  • Familiarity with scripting (Python, Bash) and Linux.
  • Familiarity with C/C++ and JavaScript.
  • A working laptop capable of running virtual machines
  • 8GB RAM required, at a minimum
  • 80 GB free Hard disk space
  • VirtualBox
  • Administrator/root access MANDATORY

What our Students say

Very interesting compilation on the fuzzing tricks and techniques on existing and upcoming browser features. I love the fact that many online resources are also compiled into the training slides. I’ve learnt a lot from the trainer for the past 4 days. Will definitely recommend this training to anyone that has an interest in fuzzing browsers but do not know where to start.

Anonymous

Vulnerability Researcher

I recommend this training to anyone that is interested in having a well guided kick start to fuzzing. Patrick offers very well thought out fundamentals and methodology to fuzzing and it was definitely very useful. I enjoyed the thought process and methodology on how I could fuzz different parts of the browser. While there are materials to fuzzing online, the thought process of which fuzzing technique to use is often not highlighted very clearly, and Patrick was able to share that thought process in his training.

Anonymous

Vulnerability Researcher

Good sharing of fuzzing tools and setup. Great materials for browser internals and recommendations for internal studies. Will recommend if you want to pick up browser fuzzing and understanding of general concepts for browser internals.

Anonymous

Vulnerability Researcher

Any questions about our services and trainings ?

Get in touch today with any questions that you might have.

Let's Talk

Our latest articles about Browsers

Keep in touch with us !

email

contact@fuzzinglabs.com

X (Twitter)

@FuzzingLabs

Github

FuzzingLabs

LinkedIn

FuzzingLabs

email

contact@fuzzinglabs.com

X (Twitter)

@FuzzingLabs

Github

FuzzingLabs

LinkedIn

FuzzingLabs