ASW Episode 336 • Fuzzing
Hello Protocols, Packets, and Programs,
This past Saturday was Free RPG Day, which celebrates gaming, dice, and the ability to coordinate a schedule with more than one person.
I’ve mentioned before how role-playing games are an excellent way to build threat modeling skills.
Present players with a door in a dungeon and sit back as the analysis unfolds for several hours.
RPGs are also an excellent tool for building analog fuzzing skills.
Find an ambiguous rule and watch as players attempt to bend it to their will.
Such discussions have inspired phrases like Rules as Written, Rules as Intended, and Rules as Fun to describe different methods of interpretation.
Appsec also looks at code as written and code as intended.
It just never spends enough time on the fun.