Rust is a strongly typed and safe systems programming language developed by Mozilla. Over the years, it has become the language of choice to build memory-safe programs while maintaining high performance at scale. Rust is usually used for file format and protocol parsers but also on critical projects like in the new high-performance browser engine, Servo.
However, coding using memory-safe language doesn’t mean the code will be bug-free. Different kinds of rust security vulnerabilities like overflows, DoS, UaF, OOB, etc. can still be found and sometimes exploited to achieve remote code execution (RCE).
The goal of this course is to give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low-hanging fruit bugs manually and automatically using Rust security auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using different techniques.
Along this training, students will deal with a lot of hands-on exercises allowing them to internalize concepts and techniques taught in class.
This course is suitable for people that are new to Rust. All the theory and concepts about Rust security and Rust fuzz testing will be explained during the course.