Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

New Fuzz Testing Article

October 12, 2007

I’m ecstatic (yes, that’s really the only way to describe it) that my third feature article is in this month’s MSDN magazine - http://msdn.microsoft.com/msdnmag/issues/07/11/FUZZTesting/default.aspx.  Why?  Well, for one thing, getting anything published is a huge privilege, but especially in a publication like that.  For another thing, MSDN’s yearly security issue always rocks, and this one is no exception.  And – I received some excellent feedback on this article while writing it, and so it’s better than I could have accomplished otherwise, and that’s cool.  Finally, the topic is timely.

The topic is extending Visual Studio Team Edition for Testers to perform security fuzz testing.  I show how to write a Test Interface Provider and demonstrate one approach to “fuzzing”. 

Relevant links:

Other peoples’ definition of fuzzing - http://en.wikipedia.org/wiki/Fuzz_testing
Sulley, which is pretty much the hot fuzzing framework right now - http://www.fuzzing.org/wp-content/Sulley%20Fuzzing%20Framework.exe
VSTE for Testers - http://msdn2.microsoft.com/en-us/library/ms182409(VS.80).aspx
The VSIP program - http://msdn2.microsoft.com/en-us/teamsystem/aa718821.aspx

 

 

Permalink |

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment