How to Prevent the next Heartbleed

An interesting review of some of the approaches that didn't prevent the OpenSSL heartbeat bug (either because they weren't effective or because they weren't applied).

to buffer-overflow checking openssl security static-analysis testing ... on 02 May 2014

netem | The Linux Foundation

How to simulate network problems (e.g. packet loss or delay) using the Linux network stack.

to ag0907 networking packet-loss testing ... on 28 April 2014

Diffie Hellman and TLS with nonsense parameters - Hanno's blog

Apparently quite a lot of TLS implementations will happily accept 15 as a prime for DH key exchange. Presumably even if they were checking you could rely on the probabilistic test too...

to cryptography dh prime security ssl testing tls ... on 16 April 2014

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations

Generating randomly-varied certificates and comparing how different implementations respond to them.

to ca certificate papers security ssl testing tls ... on 13 April 2014

Sixteen is not magic: Comment on Friston (2012) | [citation needed]

Review of "Ten ironic rules for non-statistical reviewers". Read the original paper first, since it's got some good points -- particularly on exactly what the limitations on normality are, and why you need to be careful about very large studies -- but it probably overstates its case a bit, as this review suggests.

to hypothesis normality research statistics testing ... on 01 April 2014

Live Programming, Walkabout.js

"I’m proposing to do [generative testing] at the scale of an application, not a routine; to define inputs as any non-deterministic query or listener; and to define failure as some inline assertion error or warning." In JavaScript.

to javascript live-programming software teaching testing ... on 01 December 2013

clumsy, an utility for simulating broken network for Windows Vista / Windows 7 and above

This is exactly the kind of thing AG0907 students will want for testing their network games...

to ag0907 ip network packet software testing windows ... on 29 November 2013

Csmith

"Csmith is a tool that can generate random C programs that statically and dynamically conform to the C99 standard. It is useful for stress-testing compilers, static analyzers, and other tools that process C code."

to c c99 compiler fuzzing software testing ... on 12 November 2013

"Delta assists you in minimizing "interesting" files subject to a test of their interestingness." -- i.e. it lets you bisect a file. This could be useful for reducing KRoC crasher examples...

to compiler research software testing ... on 13 February 2006

QuickCheck: An Automatic Testing Tool for Haskell

"The programmer provides a specification of the program, in the form of properties which functions should satisfy, and QuickCheck then tests that the properties hold in a large number of randomly generated cases."

to haskell research software testing ... on 06 February 2006
