Explore a 43-minute conference talk from BSides Budapest IT Security Conference that delves into the security implications of parser differentials: instances where multiple parsers interpret the same structured message differently. Learn how these inconsistencies can create security vulnerabilities, even in seemingly simple formats like JSON. Discover the challenges of identifying parser differentials through fuzzing techniques, including methods for parallel parser testing and automated result classification. Gain practical insights through demonstrations of JSON parser differentials and understand why parsing structured messages isn't as straightforward as it might appear. Master the technical approaches to discovering these hidden threats and their potential impact on system security.
Parser Differentials: Finding Security Vulnerabilities in JSON Parsing
BSides Budapest IT Security Conference via YouTube
Overview
Syllabus
BSidesBUD2023: Parser Differentials
Taught by
BSides Budapest IT Security Conference