We will be holding a LangSec hackathon at the Fairmont Hotel on Wednesday May 24, the day before the workshop. You don't need to register for the workshop to take part in the Hackathon.
We will start the day with introductions from creators of Hammer and Nom parser combinators to their tools, and will also include a short training on libFuzzer, which will be used to test parsers.
The goal will be to implement as many popular protocols that need secure input handling as possible, in the [Hammer] framework of parser combinators, in any language that Hammer has bindings for, and in [Nom], the powerful Rust parser combinator library.
Check out the [Hammer Primer] for a series of video tutorials about programming with Hammer. Check out Nom's github page for examples of parsers written in Nom.
Creators of Hammer and Nom will be on site and glad to share knowledge of the tools' internals and idioms.
The conference will provide a space with suitable Wi-Fi and power access. We are currently looking for sponsors for food and caffeinated drinks.
The hackathon will start with tutorials on the tools, delivered by their authors. We plan three tutorials:
Hammer tutorial, "Everything Looks Like a Nail", by Meredith L. Patterson & Daniel 'Tq' Hirsch
Nom tutorial, by Pierre Chifflier & Geoffroy Couprie
libFuzzer tutorial, by Kostya Serebryany
Where: The Fairmont Hotel, San Jose, CA
The hackathon will be co-located with our LangSec Security & Privacy Workshop. The workshop will be held on Thursday May 25; the hackathon will be held on Wednesday May 24. Please pre-register so that we can plan for hotel space!
How to join:
Send an email with the subject of "hackathon" to sergey
Do I need to register for the LangSec workshop on May 25?:
No. The workshop follows the general IEEE Security & Privacy setup, which means a non-nominal registration fee to attend the presentations. These presentations will be recorded and eventually posted to Youtube. Although we plan to sponsor a limited number of registrations (e.g., for students), you don't need to register to take part in the Hackathon.
We will offer tasks in parser implementation using
Hammer, the C/C++ parser combinator library and parser construction kit with bindings for Ruby, Python, and other languages, and
Nom, the Rust parser combinator library, which is wicked fast and can be integrated with your C code.
For both tools, we will have their authors attenting and giving short introductions to the tools to hackathon attendees (you).
Additionally, we will integrate Google's libFuzzer to test the parser code right at the point of check-in. This way, you will see if you got it right the first time---which we believe you will, with the right tools!