Fuzzing PostgreSQL | POSETTE: An Event for Postgres 2026

Jun 16, 2026Channel
AI Analysis
Data from YouTube Data API v3Updated Just now

Video Overview

Video Details

Published1 month ago
Duration23:58
Video IDF2DJuDX6XHg
Languageen
CategoryScience & Technology
PrivacyPublic
Made for KidsNo
Video TypeRegular Video

Performance Metrics

Views66
Likes2
Comments0
Engagement Rate3.03%
Likes per 100 views3.03
Comments per 1K views0.00

Description

Take a closer look at fuzzing in PostgreSQL. Adam Wolk (Microsoft) presents his talk “Fuzzing PostgreSQL” at POSETTE: An Event for Postgres 2026. Abstract: Fuzzing is a simple but powerful technique for discovering edge-case bugs in large, stateful systems like PostgreSQL. This talk shows how to apply it to Postgres’ client library libpq which handles every network connection before the server sees a query. We’ll walk through building minimal harnesses, generating and mutating protocol inputs, and reasoning about what makes fuzzing effective on complex C codebases. The session is meant as a practical guide: how to start fuzzing a Postgres-related project, what challenges to expect, and what kind of issues you can realistically uncover along the way. In this session you will learn: * what fuzzing is and why it finds bugs other techniques miss * which PostgreSQL surfaces make good fuzzing targets and why * how to apply fuzzing to Postgres networking components (libpq) If you’re a PostgreSQL developer, this talk will add another tool for improving the stability and security of the projects you build. Adam Wolk is an openBSD developer interested in database engineering, distributed systems, information security & networking. Adam is an experienced team leader who has developed systems from the ground up from C on ARM devices, through back-end systems in Go, Python and Rails to web front ends in modern JavaScript frameworks - all continuously integrated, deployed and monitored. Currently, Adam is pushing at the edge of distributed SQL as a Principal Program Manager for Azure Database for PostgreSQL at Microsoft. ► Video chapters: ⏩ 0:00 Music & introduction ⏩ 0:47 Speaker intro: security and systems background ⏩ 1:39 What is fuzzing? From random to coverage feedback ⏩ 5:00 Toy C program: 6 branches to a hidden crash ⏩ 8:28 Fuzzers in action: AFL and Honggfuzz ⏩ 10:36 Pulling JPEGs out of thin air: fuzzers as learners ⏩ 11:56 Testing is polite, fuzzing is rude ⏩ 13:37 Why fuzz PostgreSQL? An attack-surface map ⏩ 16:33 Networking protocol and libpq as the high-value target ⏩ 17:00 Prior talks and the challenges of fuzzing Postgres ⏩ 20:21 A simpler harness approach and live demo ⏩ 22:20 Lessons learned and what's next 📕 Everything you need to know about POSETTE: An Event for Postgres can be found at: https://posetteconf.com ✅ Learn more: watch more POSETTE talks: https://aka.ms/posette-playlist 📌 Let’s connect: LinkedIn: https://www.linkedin.com/company/posetteconf/ X – @PosetteConf, https://x.com/PosetteConf Mastodon – @posetteconf, https://mastodon.social/@posetteconf Bluesky – @posetteconf.com, https://aka.ms/posette-on-bluesky #PosetteConf #PostgreSQL #Security

Related Videos

More videos from Microsoft Developer