SlideShare uma empresa Scribd logo

Fuzz Testing-Atul Khot

Transferir como PPT, PDF
B
bhumika2108

This document discusses fuzz testing techniques. It describes generating random data and inputs to test systems in unexpected ways. This allows discovering bugs like hangs, crashes, and performance issues. Examples mentioned include testing a math library by generating random expressions, testing a text messaging system by simulating many parallel messages, and testing a tree parsing algorithm with huge randomly generated directory trees. Fuzz testing uncovered bugs in areas like regular expressions, logging libraries causing bottlenecks, and parsing hangs.

Tecnologia
1 de 10
Fuzz Testing Atul S. Khot (atul.khot@gmail.com) VodQA ThoughtWorks Pune - 2013
Random behavior aka Insanity  Testing the “drink maker”  lemon juice + milk + tea leaves + (black?) salt  Rather a fuzzy drink ;-)   We human beings are somewhat “conditioned” - computers aren't And that is good!!!
Of talking gibberish  Try throwing senseless data at your system  And see what is uncovered    Hangs/infinite loops/exceptions/Deadlocks/race conditions whatever ;-) Better let the computer go insane (it is all raring to go...) And no call to recall your initial C days... Pointers going haywire? Etc...
Is tommath right?   How do I test tommath gets its arithmetic right? Generate random numbers – next generate artihmetic expressions (*,/,+,-)  Run the expressions throught tommath  Run the expressions through gnu bc   Compare – 30 million – different expressions – over 4 days You get a fair good idea All gory details in my Linux For You article
Uncovering performance bottlenecks      A campaign manager – customer needs to send a text sms to 16 million cell numbers Cannot test – as one run would cost $35000/Decouple (very handy techique) – instead of sending to real webservice – send it to a mock Shell scripts run in parallel – you can spawn many thousand parallel processes easily... Each process is a simple socket client – sending a mobile number – and the message
The surprise is revealed  Our algorithms were right  No big deadlocks  For this huge run – profiler indicated log4j as the culprit  Log4j's writing to a log file – was a bottleneck   Solution - use an Async appender – Events are logged asynchronously Nobody thought log4j as a possible suspect ;-)
Ideas galore     Needed to test a complex tree manipulation algorithm written in TCL I coded the algorithm – to test I needed very big trees Directories – Perl slicing and dicing – C++ boost library (open source) – Files correspond to leaves in the tree Directories are essentially random trees –
Bugs surface...  Revealed a bug - we needed to make some regex greedier  Was a corner case  Hard to see how we could have come upon it with manual testing  A TCL expert from Norway carefully reviewed  Okayed – big moment ;-)
Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed
Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed

Recomendados

Static vs dynamic types
Static vs dynamic typesStatic vs dynamic types
Static vs dynamic typesTerence Parr
 
Bonjour, iCloud
Bonjour, iCloudBonjour, iCloud
Bonjour, iCloudChris Adamson
 
Php Basic Security
Php Basic SecurityPhp Basic Security
Php Basic Securitymussawir20
 
Icloud keynote2
Icloud keynote2Icloud keynote2
Icloud keynote2avsorrent
 
iCloud
iCloudiCloud
iCloudAndri Yadi
 
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Loadzen
 
Good ideas that we forgot
Good ideas that we forgot Good ideas that we forgot
Good ideas that we forgot J On The Beach
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...Moabi.com
 

Recomendados

Static vs dynamic types
Static vs dynamic typesStatic vs dynamic types
Static vs dynamic typesTerence Parr
 
Bonjour, iCloud
Bonjour, iCloudBonjour, iCloud
Bonjour, iCloudChris Adamson
 
Php Basic Security
Php Basic SecurityPhp Basic Security
Php Basic Securitymussawir20
 
Icloud keynote2
Icloud keynote2Icloud keynote2
Icloud keynote2avsorrent
 
iCloud
iCloudiCloud
iCloudAndri Yadi
 
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...
Load testing, Lessons learnt and Loadzen - Martin Buhr at DevTank - 31st Janu...Loadzen
 
Good ideas that we forgot
Good ideas that we forgot Good ideas that we forgot
Good ideas that we forgot J On The Beach
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...Moabi.com
 
What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)Chris Riccomini
 
Why I Love Python
Why I Love PythonWhy I Love Python
Why I Love Pythondidip
 
Code quality; patch quality
Code quality; patch qualityCode quality; patch quality
Code quality; patch qualitydn
 
Code quality. Patch quality
Code quality. Patch qualityCode quality. Patch quality
Code quality. Patch qualitymalcolmt
 
Data analysis with pandas
Data analysis with pandasData analysis with pandas
Data analysis with pandasOutreach Digital
 
Data Analysis With Pandas
Data Analysis With PandasData Analysis With Pandas
Data Analysis With PandasStephan Solomonidis
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer gamesMaciej Siniło
 
2010 za con_roelof_temmingh
2010 za con_roelof_temmingh2010 za con_roelof_temmingh
2010 za con_roelof_temminghJohan Klerk
 
A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data lokku
 
Preventing Complexity in Game Programming
Preventing Complexity in Game ProgrammingPreventing Complexity in Game Programming
Preventing Complexity in Game ProgrammingYaser Zhian
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2ice799
 
2014 pycon-talk
2014 pycon-talk2014 pycon-talk
2014 pycon-talkc.titus.brown
 
Codebits Handivi
Codebits HandiviCodebits Handivi
Codebits Handivicfpinto
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
Log Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisAnton Chuvakin
 
HCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interactionHCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interactionAlan Dix
 
How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...Eugene Kirpichov
 
An Introduction to Machine Learning
An Introduction to Machine LearningAn Introduction to Machine Learning
An Introduction to Machine LearningAngelo Simone Scotto
 
Effective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptxEffective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptxVikas Prabhu
 
Dmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsDmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsAgile Lietuva
 
User Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshopUser Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshopbhumika2108
 
Saying no to selenium tests
Saying no to selenium testsSaying no to selenium tests
Saying no to selenium testsbhumika2108
 

Mais conteúdo relacionado

Semelhante a Fuzz Testing-Atul Khot

What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)Chris Riccomini
 
Why I Love Python
Why I Love PythonWhy I Love Python
Why I Love Pythondidip
 
Code quality; patch quality
Code quality; patch qualityCode quality; patch quality
Code quality; patch qualitydn
 
Code quality. Patch quality
Code quality. Patch qualityCode quality. Patch quality
Code quality. Patch qualitymalcolmt
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer gamesMaciej Siniło
 
2010 za con_roelof_temmingh
2010 za con_roelof_temmingh2010 za con_roelof_temmingh
2010 za con_roelof_temminghJohan Klerk
 
A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data lokku
 
Preventing Complexity in Game Programming
Preventing Complexity in Game ProgrammingPreventing Complexity in Game Programming
Preventing Complexity in Game ProgrammingYaser Zhian
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2ice799
 
Codebits Handivi
Codebits HandiviCodebits Handivi
Codebits Handivicfpinto
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
Log Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisAnton Chuvakin
 
HCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interactionHCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interactionAlan Dix
 
How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...Eugene Kirpichov
 
An Introduction to Machine Learning
An Introduction to Machine LearningAn Introduction to Machine Learning
An Introduction to Machine LearningAngelo Simone Scotto
 
Effective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptxEffective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptxVikas Prabhu
 
Dmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsDmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsAgile Lietuva
 

Semelhante a Fuzz Testing-Atul Khot (20)

What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)What Your Tech Lead Thinks You Know (But Didn't Teach You)
What Your Tech Lead Thinks You Know (But Didn't Teach You)
 
Why I Love Python
Why I Love PythonWhy I Love Python
Why I Love Python
 
Code quality; patch quality
Code quality; patch qualityCode quality; patch quality
Code quality; patch quality
 
Code quality. Patch quality
Code quality. Patch qualityCode quality. Patch quality
Code quality. Patch quality
 
Data analysis with pandas
Data analysis with pandasData analysis with pandas
Data analysis with pandas
 
Data Analysis With Pandas
Data Analysis With PandasData Analysis With Pandas
Data Analysis With Pandas
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer games
 
2010 za con_roelof_temmingh
2010 za con_roelof_temmingh2010 za con_roelof_temmingh
2010 za con_roelof_temmingh
 
A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data A living hell - lessons learned in eight years of parsing real estate data
A living hell - lessons learned in eight years of parsing real estate data
 
Preventing Complexity in Game Programming
Preventing Complexity in Game ProgrammingPreventing Complexity in Game Programming
Preventing Complexity in Game Programming
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2
 
2014 pycon-talk
2014 pycon-talk2014 pycon-talk
2014 pycon-talk
 
Codebits Handivi
Codebits HandiviCodebits Handivi
Codebits Handivi
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
 
Log Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log Analysis
 
HCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interactionHCI 3e - Ch 18: Modelling rich interaction
HCI 3e - Ch 18: Modelling rich interaction
 
How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...How my visualization tools use little memory: A tale of incrementalization an...
How my visualization tools use little memory: A tale of incrementalization an...
 
An Introduction to Machine Learning
An Introduction to Machine LearningAn Introduction to Machine Learning
An Introduction to Machine Learning
 
Effective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptxEffective Techniques for Support Teams.pptx
Effective Techniques for Support Teams.pptx
 
Dmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile ToolsDmitry Lebedev: Agile Testing Using Agile Tools
Dmitry Lebedev: Agile Testing Using Agile Tools
 

Mais de bhumika2108

User Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshopUser Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshopbhumika2108
 
Saying no to selenium tests
Saying no to selenium testsSaying no to selenium tests
Saying no to selenium testsbhumika2108
 
123 automation framework
123 automation framework123 automation framework
123 automation frameworkbhumika2108
 
Where do my tests belong?
Where do my tests belong?Where do my tests belong?
Where do my tests belong?bhumika2108
 
Wearables & testing
Wearables & testingWearables & testing
Wearables & testingbhumika2108
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108
 
Did you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi RayDid you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi Raybhumika2108
 
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...bhumika2108
 
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha VijayaraghavanWhy did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavanbhumika2108
 
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...bhumika2108
 
Why test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak KoulWhy test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak Koulbhumika2108
 
Accessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and SiddhanthAccessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and Siddhanthbhumika2108
 
Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...bhumika2108
 
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree DeshmukhReal time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukhbhumika2108
 
Web android automation-Darshan Padmawar
Web android automation-Darshan PadmawarWeb android automation-Darshan Padmawar
Web android automation-Darshan Padmawarbhumika2108
 
Whats accessibility
Whats accessibilityWhats accessibility
Whats accessibilitybhumika2108
 
Add ons for software testers
Add ons for software testersAdd ons for software testers
Add ons for software testersbhumika2108
 
Relate UI automation & performance
Relate UI automation & performanceRelate UI automation & performance
Relate UI automation & performancebhumika2108
 
Automated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib DeyAutomated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib Deybhumika2108
 

Mais de bhumika2108 (19)

User Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshopUser Story Mapping - WHY and HOW, a handson workshop
User Story Mapping - WHY and HOW, a handson workshop
 
Saying no to selenium tests
Saying no to selenium testsSaying no to selenium tests
Saying no to selenium tests
 
123 automation framework
123 automation framework123 automation framework
123 automation framework
 
Where do my tests belong?
Where do my tests belong?Where do my tests belong?
Where do my tests belong?
 
Wearables & testing
Wearables & testingWearables & testing
Wearables & testing
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
 
Did you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi RayDid you check the UX Quality?-Rajarshi Ray
Did you check the UX Quality?-Rajarshi Ray
 
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
QAing INFRASTRUCTURE- A QA's role in the DevOps World-Aroj P George & Harshad...
 
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha VijayaraghavanWhy did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
Why did we delete our regression suite? Deepak Parmasivam & Sneha Vijayaraghavan
 
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
Why do cars need to have the right breaking system -Shalabh Varma & Manisha A...
 
Why test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak KoulWhy test automation promises more and delivers less - Deepak Koul
Why test automation promises more and delivers less - Deepak Koul
 
Accessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and SiddhanthAccessibility testing-Gyani and Siddhanth
Accessibility testing-Gyani and Siddhanth
 
Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...Why every Tester should also aspire to be a Developer on his project!-Sandee...
Why every Tester should also aspire to be a Developer on his project!-Sandee...
 
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree DeshmukhReal time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
Real time trend and failure analysis using TTA-Anand Bagmar & Aasawaree Deshmukh
 
Web android automation-Darshan Padmawar
Web android automation-Darshan PadmawarWeb android automation-Darshan Padmawar
Web android automation-Darshan Padmawar
 
Whats accessibility
Whats accessibilityWhats accessibility
Whats accessibility
 
Add ons for software testers
Add ons for software testersAdd ons for software testers
Add ons for software testers
 
Relate UI automation & performance
Relate UI automation & performanceRelate UI automation & performance
Relate UI automation & performance
 
Automated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib DeyAutomated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib Dey
 

Último

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Último (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Fuzz Testing-Atul Khot

  • 1. Fuzz Testing Atul S. Khot (atul.khot@gmail.com) VodQA ThoughtWorks Pune - 2013
  • 2. Random behavior aka Insanity  Testing the “drink maker”  lemon juice + milk + tea leaves + (black?) salt  Rather a fuzzy drink ;-)   We human beings are somewhat “conditioned” - computers aren't And that is good!!!
  • 3. Of talking gibberish  Try throwing senseless data at your system  And see what is uncovered    Hangs/infinite loops/exceptions/Deadlocks/race conditions whatever ;-) Better let the computer go insane (it is all raring to go...) And no call to recall your initial C days... Pointers going haywire? Etc...
  • 4. Is tommath right?   How do I test tommath gets its arithmetic right? Generate random numbers – next generate artihmetic expressions (*,/,+,-)  Run the expressions throught tommath  Run the expressions through gnu bc   Compare – 30 million – different expressions – over 4 days You get a fair good idea All gory details in my Linux For You article
  • 5. Uncovering performance bottlenecks      A campaign manager – customer needs to send a text sms to 16 million cell numbers Cannot test – as one run would cost $35000/Decouple (very handy techique) – instead of sending to real webservice – send it to a mock Shell scripts run in parallel – you can spawn many thousand parallel processes easily... Each process is a simple socket client – sending a mobile number – and the message
  • 6. The surprise is revealed  Our algorithms were right  No big deadlocks  For this huge run – profiler indicated log4j as the culprit  Log4j's writing to a log file – was a bottleneck   Solution - use an Async appender – Events are logged asynchronously Nobody thought log4j as a possible suspect ;-)
  • 7. Ideas galore     Needed to test a complex tree manipulation algorithm written in TCL I coded the algorithm – to test I needed very big trees Directories – Perl slicing and dicing – C++ boost library (open source) – Files correspond to leaves in the tree Directories are essentially random trees –
  • 8. Bugs surface...  Revealed a bug - we needed to make some regex greedier  Was a corner case  Hard to see how we could have come upon it with manual testing  A TCL expert from Norway carefully reviewed  Okayed – big moment ;-)
  • 9. Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed
  • 10. Platypus – (http://platypus.pz.org/)  It is just (?) simplified Latex  Elaborate parser  Fuzz unleashed  Produced a hang  Deemed low priority –  Will eventually get addressed