Scott Stender: Blind Security Testing - An Evolutionary Approach
Jan 09, 2006•59 min
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases.
Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened against attack, something more sophisticated is required. Evolutionary algorithms can be used to gain the benefits of both approaches: tests that are better directed than random test cases but are not rigidly tied to data types.
This topic has been a hot one in the security industry for several years. Many approaches use code coverage or debugging techniques as key inputs for test case generation. Though helpful, these require complete access to the system under test.
This talk will cover the use of evolutionary algorithms in blind security testing, with an emphasis on test case generation and evaluation of test results. The concepts presented can be applied to any application under test, though this presentation will use web applications as the systems under test.
Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened against attack, something more sophisticated is required. Evolutionary algorithms can be used to gain the benefits of both approaches: tests that are better directed than random test cases but are not rigidly tied to data types.
This topic has been a hot one in the security industry for several years. Many approaches use code coverage or debugging techniques as key inputs for test case generation. Though helpful, these require complete access to the system under test.
This talk will cover the use of evolutionary algorithms in blind security testing, with an emphasis on test case generation and evaluation of test results. The concepts presented can be applied to any application under test, though this presentation will use web applications as the systems under test.
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast