[Openstack-security] Fuzzy test framework in Tempest
Sriram Subramanian
sriram at sriramhere.com
Fri Feb 14 07:51:04 UTC 2014
FYI: I felt fuzzing could be an interesting project for
GSoC<https://wiki.openstack.org/wiki/GSoC2014#Mentors>,
so proposed it as one of the project ideas. I am not sure how many of those
projects would get selected; in case it gets selected, hey, we get an
intern!
Marc - would look for your bp!
Thanks!
On Thu, Feb 13, 2014 at 11:43 PM, Sriram Subramanian
<sriram at sriramhere.com>wrote:
> Thanks Bryan!
>
>
> On Thu, Feb 13, 2014 at 9:35 PM, Bryan D. Payne <bdpayne at acm.org> wrote:
>
>> We left it with Marc needing to take the next step, which will be to put
>> together a blueprint for this. Once he has that in place, he'll let OSSG
>> know and we can help him drive it forward.
>>
>> Marc, please let us know if I missed something.
>>
>> Cheers,
>> -bryan
>>
>>
>>
>> On Thu, Feb 13, 2014 at 8:08 PM, Sriram Subramanian <
>> sriram at sriramhere.com> wrote:
>>
>>> Bryan/ Marc,
>>>
>>> Apologies I missed the OSSG meeting. Looks like this was discussed last
>>> week, but I didn't see any action items or updates in the logs. Could one
>>> of you update please?
>>>
>>> thanks,
>>> -Sriram
>>>
>>>
>>> On Wed, Feb 5, 2014 at 9:57 AM, Bryan D. Payne <bdpayne at acm.org> wrote:
>>>
>>>> Marc,
>>>>
>>>> This is certainly of interest to OSSG. There were some people talking
>>>> about doing security testing before the last summit, but I haven't heard
>>>> much about that recently. Please do join us for the meeting tomorrow and
>>>> we can discuss in some more detail. I'll see if I can encourage the other
>>>> parties to participate as well.
>>>>
>>>> Cheers,
>>>> -bryan
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Feb 5, 2014 at 6:54 AM, Koderer, Marc <m.koderer at telekom.de>wrote:
>>>>
>>>>> Hello Security Team,
>>>>>
>>>>> David and I are currently working on an automated framework for
>>>>> negative
>>>>> testing in Tempest. This frameworks generates tests out of json schema
>>>>> definitions (see https://review.openstack.org/#/c/64733/ and
>>>>> https://blueprints.launchpad.net/tempest/+spec/negative-tests).
>>>>>
>>>>> During discussion we came to the idea that it would be quite easy to
>>>>> build a
>>>>> security fuzzy test framework out of existing pieces in Tempest. If
>>>>> we'd run
>>>>> the negative tests in our stress test framework that launches a
>>>>> certain number
>>>>> of concurrent worker processes. At the end of a run we could use
>>>>> Tempest again
>>>>> to validate that all services are up and running.
>>>>>
>>>>> Is this topic potentially interesting for this group?
>>>>> I saw on your launchpad task board that your are planning something
>>>>> similar:
>>>>> "Develop stress tests that can be integrated with current testing"
>>>>> Did somebody already spend some effort in that area?
>>>>>
>>>>> I'd like to join your meeting tomorrow and discuss about it.
>>>>>
>>>>> Regards
>>>>> Marc
>>>>>
>>>>> DEUTSCHE TELEKOM AG
>>>>> Digital Business Unit, Cloud Services (P&I)
>>>>> Marc Koderer
>>>>> Cloud Technology Software Developer
>>>>> T-Online-Allee 1, 64211 Darmstadt
>>>>> E-Mail: m.koderer at telekom.de
>>>>> www.telekom.com
>>>>>
>>>>> LIFE IS FOR SHARING.
>>>>>
>>>>> DEUTSCHE TELEKOM AG
>>>>> Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
>>>>> Board of Management: René Obermann (Chairman),
>>>>> Reinhard Clemens, Niek Jan van Damme, Timotheus Höttges,
>>>>> Dr. Thomas Kremer, Claudia Nemat, Prof. Dr. Marion Schick
>>>>> Commercial register: Amtsgericht Bonn HRB 6794
>>>>> Registered office: Bonn
>>>>>
>>>>> BIG CHANGES START SMALL - CONSERVE RESOURCES BY NOT PRINTING EVERY
>>>>> E-MAIL.
>>>>> _______________________________________________
>>>>> Openstack-security mailing list
>>>>> Openstack-security at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Openstack-security mailing list
>>>> Openstack-security at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks,
>>> -Sriram
>>>
>>
>>
>
>
> --
> Thanks,
> -Sriram
>
--
Thanks,
-Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140213/e1edbf64/attachment.html>
More information about the Openstack-security
mailing list