« earlier | later » Page 1 of 2
Destroying x86_64 instruction decoders with differential fuzzing | Trail of Bits Blog
A neat use of fuzzing.
Clean Coder Blog
Mutation testing: testing your test suite by systematically introducing faults and seeing whether it picks them up. Nice.
to bugs mutation-testing software-engineering testing ... on 28 August 2016
How Not To Run An A/B Test
"Decide on a sample size in advance and wait until the experiment is over before you start believing the “chance of beating original” figures that the A/B testing software gives you."
to ag0803 honours significance statistics testing ... on 24 August 2014
lcamtuf's blog: A bit more about american fuzzy lop
Coverage-directed fuzzing tool, from the author of p0f et al. Easy to set up and play with.
to coverage coverage-directed fuzzing security testing ... on 05 August 2014
How to Prevent the next Heartbleed
An interesting review of some of the approaches that didn't prevent the OpenSSL heartbeat bug (either because they weren't effective or because they weren't applied).
to buffer-overflow checking openssl security static-analysis testing ... on 02 May 2014
netem | The Linux Foundation
How to simulate network problems (e.g. packet loss or delay) using the Linux network stack.
to ag0907 networking packet-loss testing ... on 28 April 2014
Diffie Hellman and TLS with nonsense parameters - Hanno's blog
Apparently quite a lot of TLS implementations will happily accept 15 as a prime for DH key exchange. Presumably even if they were checking you could rely on the probabilistic test too...
to cryptography dh prime security ssl testing tls ... on 16 April 2014
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations
Generating randomly-varied certificates and comparing how different implementations respond to them.
to ca certificate papers security ssl testing tls ... on 13 April 2014
Sixteen is not magic: Comment on Friston (2012) | [citation needed]
Review of "Ten ironic rules for non-statistical reviewers". Read the original paper first, since it's got some good points -- particularly on exactly what the limitations on normality are, and why you need to be careful about very large studies -- but it probably overstates its case a bit, as this review suggests.
to hypothesis normality research statistics testing ... on 01 April 2014
tasty by Adam Sampson.