Robustness testing - black-box testing for software security
Ari Takanen - Codenomicon Ltd.
Oct 27, 2004Size: 219.7MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractThe robustness testing method is based on systematic creation of a very large number of communication protocol messages containing exceptional data elements and structures simulating malicious attacks or corrupted traffic. The method provides a proactive way of assessing software robustness and security. Robustness here is defined as the ability of software to tolerate exceptional input and stressful environment conditions. A piece of software which is not robust fails when facing such circumstances. In the worst case, a malicious intruder can take advantage of robustness shortcomings to deny service from authentic users or to compromise the system running the piece of software. As part of one robustness testing usage scenario, namely security assessment, also the communication process from security vulnerability discovery to vulnerability elimination will be explored. This research was originally initiated in PROTOS project at the University of Oulu, Finland.
About the SpeakerAri Takanen, founder and CEO of Codenomicon has since 1998 been researching information security issues in security-critical environments. His work at Codenomicon and at the OUSPG (University of Oulu) aims to ensure that new technologies are accepted by the general public by providing means of measuring and ensuring quality in networked software. Ari Takanen is one of the people behind the PROTOS research that studied information security and reliability errors in e.g. WAP, SNMP, LDAP and SIP implementations. His company, Codenomicon Ltd. provides automated tools with a systematic approach to test a multitude of interfaces on mission critical software.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.