Fuzzing PostgreSQL | POSETTE: An Event for Postgres 2026

Microsoft Developer · Beginner ·🔧 Backend Engineering ·4w ago

Key Takeaways

Introduces fuzzing as a technique for discovering edge-case bugs in PostgreSQL, applying it to the client library libpq

Original Description

Take a closer look at fuzzing in PostgreSQL. Adam Wolk (Microsoft) presents his talk “Fuzzing PostgreSQL” at POSETTE: An Event for Postgres 2026. Abstract: Fuzzing is a simple but powerful technique for discovering edge-case bugs in large, stateful systems like PostgreSQL. This talk shows how to apply it to Postgres’ client library libpq which handles every network connection before the server sees a query. We’ll walk through building minimal harnesses, generating and mutating protocol inputs, and reasoning about what makes fuzzing effective on complex C codebases. The session is meant as a practical guide: how to start fuzzing a Postgres-related project, what challenges to expect, and what kind of issues you can realistically uncover along the way. In this session you will learn: * what fuzzing is and why it finds bugs other techniques miss * which PostgreSQL surfaces make good fuzzing targets and why * how to apply fuzzing to Postgres networking components (libpq) If you’re a PostgreSQL developer, this talk will add another tool for improving the stability and security of the projects you build. Adam Wolk is an openBSD developer interested in database engineering, distributed systems, information security & networking. Adam is an experienced team leader who has developed systems from the ground up from C on ARM devices, through back-end systems in Go, Python and Rails to web front ends in modern JavaScript frameworks - all continuously integrated, deployed and monitored. Currently, Adam is pushing at the edge of distributed SQL as a Principal Program Manager for Azure Database for PostgreSQL at Microsoft. ► Video chapters: ⏩ 0:00 Music & introduction ⏩ 0:47 Speaker intro: security and systems background ⏩ 1:39 What is fuzzing? From random to coverage feedback ⏩ 5:00 Toy C program: 6 branches to a hidden crash ⏩ 8:28 Fuzzers in action: AFL and Honggfuzz ⏩ 10:36 Pulling JPEGs out of thin air: fuzzers as learners ⏩ 11:56 Testing is polite, fuzzing is rude ⏩ 13
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Related Reads

Up next
Indian Express Editorial Analysis by Chandan Sharma - 1 JULY 2026 | UPSC Current Affairs 2026
StudyIQ IAS
Watch →