Fuzz Testing

Atul S. Khot (atul.khot@gmail.com)
VodQA ThoughtWorks Pune - 2013
Random behavior aka Insanity


Testing the “drink maker”



lemon juice + milk + tea leaves + (black?) salt



Rather a fuzzy drink ;-)





We human beings are somewhat “conditioned” - computers aren't
And that is good!!!
Of talking gibberish


Try throwing senseless data at your system



And see what is uncovered







Hangs/infinite loops/exceptions/deadlocks/race conditions whatever ;-)
Better let the computer go insane (it is all raring to go...)
And no call to recall your initial C days... Pointers going haywire? Etc...
Is tommath right?




How do I test that tommath gets its arithmetic right?
Generate random numbers – next generate arithmetic expressions (*,/,+,-)

Run the expressions through tommath



Run the expressions through gnu bc





Compare – 30 million different expressions – over 4 days
You get a fairly good idea
All gory details in my Linux For You article
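
Added example (not from the original slides or the author's article): the same differential approach in miniature. A small limb-based bignum stands in for tommath, Python's built-in int stands in for GNU bc, the carry bug is planted on purpose, and every function name here is an assumption; only + and * on non-negative integers are covered.

```python
import random

BASE = 10_000  # each limb holds four decimal digits

def to_limbs(n):
    """Non-negative int -> little-endian base-10^4 limbs."""
    limbs = []
    while n:
        n, r = divmod(n, BASE)
        limbs.append(r)
    return limbs or [0]

def from_limbs(limbs):
    n = 0
    for limb in reversed(limbs):
        n = n * BASE + limb
    return n

def add_limbs(a, b, planted_bug=False):
    """Schoolbook addition. planted_bug=True computes the outgoing carry
    without the incoming one, so a carry that ripples through a limb pair
    summing to exactly BASE-1 is lost."""
    out, carry = [], 0
    for i in range(max(len(a), len(b))):
        x = a[i] if i < len(a) else 0
        y = b[i] if i < len(b) else 0
        total = x + y + carry
        out.append(total % BASE)
        carry = (x + y) // BASE if planted_bug else total // BASE
    if carry:
        out.append(carry)
    return out

def mul_limbs(a, b):
    """Schoolbook multiplication."""
    out = [0] * (len(a) + len(b))
    for i, x in enumerate(a):
        carry = 0
        for j, y in enumerate(b):
            cur = out[i + j] + x * y + carry
            out[i + j] = cur % BASE
            carry = cur // BASE
        out[i + len(b)] = carry  # this slot is still untouched at step i
    return out

def make_sut(planted_bug):
    """Implementation under test: evaluates 'a op b' via limb arithmetic."""
    def evaluate(a, op, b):
        la, lb = to_limbs(a), to_limbs(b)
        limbs = add_limbs(la, lb, planted_bug) if op == "+" else mul_limbs(la, lb)
        return from_limbs(limbs)
    return evaluate

def oracle(a, op, b):
    """Reference implementation (Python int here; the talk used GNU bc)."""
    return a + b if op == "+" else a * b

def random_operand(rng, max_limbs=8):
    """Random non-negative integer, biased toward limb boundary values
    because carry bugs hide around 0 and BASE-1."""
    limbs = []
    for _ in range(rng.randint(1, max_limbs)):
        if rng.random() < 0.3:
            limbs.append(rng.choice([0, 1, BASE - 2, BASE - 1]))
        else:
            limbs.append(rng.randrange(BASE))
    return from_limbs(limbs)

def differential_fuzz(sut, cases=5000, seed=2013):
    """Run random expressions through both implementations; return every
    (a, op, b, sut_result, oracle_result) on which they disagree."""
    rng = random.Random(seed)
    mismatches = []
    for _ in range(cases):
        a, b = random_operand(rng), random_operand(rng)
        op = rng.choice("+*")
        got, want = sut(a, op, b), oracle(a, op, b)
        if got != want:
            mismatches.append((a, op, b, got, want))
    return mismatches

if __name__ == "__main__":
    for label, bug in (("correct", False), ("planted bug", True)):
        found = differential_fuzz(make_sut(bug))
        print(f"{label}: {len(found)} mismatches in 5000 expressions")
        if found:
            a, op, b, got, want = min(found, key=lambda m: m[0] + m[2])
            print(f"  smallest failing case: {a} {op} {b} -> {got}, expected {want}")
```

The fixed seed makes any mismatch reproducible, which matters when a run lasts days: a failing expression can be replayed without repeating the whole campaign.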
Uncovering performance bottlenecks










A campaign manager – customer needs to send a text SMS to 16 million cell numbers
Cannot test – as one run would cost $35000
Decouple (very handy technique) – instead of sending to real webservice – send it to a mock
Shell scripts run in parallel – you can spawn many thousand parallel processes easily...
Each process is a simple socket client – sending a mobile number – and the message
The surprise is revealed


Our algorithms were right



No big deadlocks



For this huge run – profiler indicated log4j as the culprit



Log4j's writing to a log file – was a bottleneck





Solution - use an Async appender – Events are logged asynchronously
Nobody thought of log4j as a possible suspect ;-)
Ideas galore








Needed to test a complex tree manipulation algorithm written in TCL
I coded the algorithm – to test I needed very big trees
Directories – Perl slicing and dicing – C++ boost library (open source) – Files correspond to leaves in the tree
Directories are essentially random trees –
Bugs surface...


Revealed a bug - we needed to make some regex greedier



Was a corner case



Hard to see how we could have come upon it with manual testing



A TCL expert from Norway carefully reviewed



Okayed – big moment ;-)
Platypus – (http://platypus.pz.org/)


It is just (?) simplified Latex



Elaborate parser



Fuzz unleashed



Produced a hang



Deemed low priority –



Will eventually get addressed
