GSoC2014/Testing/Fuzz
< GSoC2014
Revision as of 18:08, 14 February 2014 by Sriramhere (talk | contribs) (→Implement a Fuzz testing framework that can be run on Tempest or a similar framework)
Contents
Implement a Fuzz testing framework that can be run on Tempest or a similar framework
Difficulty | Hard |
Topics | testing, tempest |
Mentor | Sriram Subramanian |
Intro - Why we need it OpenStack project is getting larger and more complex. It's adoption has also increased significantly, with customers expecting it to be more secure. Currently, many efforts are underway to ensure OpenStack platform is secure. But, an automated mechanisms to test for vulnerabilities is not part of OpenStack testing/ gating process yet. This results in most of the vulnerabilities reported are discovered at the customer site.
There are different mechanisms to test for security vulnerabilities, Fuzz testing being most popular of them. This project aims at enabling fuzz testing of OpenStack APIs and integrating such tests with OpenStack test framework such as Tempest.
Assumed Knowledge
- Python
- Introduction to OpenStack or Cloud Management Platforms is preferred, but not required
- Introduction to Fuzz testing/ Penetration testing is preferred, but not required
Project Goals
- Enable project by project, success being enabling on at least 1 complete project