46 min
Solidity Fuzzing & Web3 Testing with a Trail of Bits Security Engineer Devs Do Something
-
- Technology
This week's episode features an interview between Patrick Collins and a Web3 Security Engineer at Trail of Bits. They cover:- testing methodologies- fuzzing- static analysis
With Trail of Bits Security Engineer, Troy!
Timestamps3:10 - Exploring Smart Contract Testing Methodologies with Trail of Bits5:37 - Testing Strategies for Smart Contracts8:10 - Fuzz Testing and Invariant-Based Testing Explained10:56 - Coverage Guided Fuzzing Explained13:50 - The Benefits of Coverage Guided Fuzzing and the Differences between Echidna, Foundry, & Others16:27 - Using Coverage Guided Fuzzing with Optic and Echidna19:12 - Symbolic execution and coverage-guided fuzzing in Echidna21:57 - Testing Philosophies: Dynamic vs. Static Testing24:24 - Dynamic vs Static Analysis and the trade-offs of each approach27:10 - The Importance of Efficient Testing and Using a Variety of Testing Methods29:57 - The Role of Security Firms and Testing Philosophies32:33 - Balancing Cost and Efficiency in Security Audits35:15 - The Importance of Code Reuse in Building Tools and Languages38:04 - The pitfalls of focusing on language intricacies in programming and the benefits of prioritizing language design and philosophy40:41 - The Need for More Open Source Tools and Communication in the Ethereum Community43:22 - Advice for becoming more security-minded in smart contract coding45:51 - Discussion with Alpha Rush on Testing Compilers and Security Focus Journeys
This week's episode features an interview between Patrick Collins and a Web3 Security Engineer at Trail of Bits. They cover:- testing methodologies- fuzzing- static analysis
With Trail of Bits Security Engineer, Troy!
Timestamps3:10 - Exploring Smart Contract Testing Methodologies with Trail of Bits5:37 - Testing Strategies for Smart Contracts8:10 - Fuzz Testing and Invariant-Based Testing Explained10:56 - Coverage Guided Fuzzing Explained13:50 - The Benefits of Coverage Guided Fuzzing and the Differences between Echidna, Foundry, & Others16:27 - Using Coverage Guided Fuzzing with Optic and Echidna19:12 - Symbolic execution and coverage-guided fuzzing in Echidna21:57 - Testing Philosophies: Dynamic vs. Static Testing24:24 - Dynamic vs Static Analysis and the trade-offs of each approach27:10 - The Importance of Efficient Testing and Using a Variety of Testing Methods29:57 - The Role of Security Firms and Testing Philosophies32:33 - Balancing Cost and Efficiency in Security Audits35:15 - The Importance of Code Reuse in Building Tools and Languages38:04 - The pitfalls of focusing on language intricacies in programming and the benefits of prioritizing language design and philosophy40:41 - The Need for More Open Source Tools and Communication in the Ethereum Community43:22 - Advice for becoming more security-minded in smart contract coding45:51 - Discussion with Alpha Rush on Testing Compilers and Security Focus Journeys
46 min