Difference between revisions of "GSoC2014/Testing/Fuzz"
< GSoC2014
(Created page with "= Implement a Fuzz testing framework that can be run on Tempest or a similar framework = {| class="wikitable" |- | Difficulty || |- | Topics || testing, tempest |- | Mentor ...") |
Sriramhere (talk | contribs) (→Implement a Fuzz testing framework that can be run on Tempest or a similar framework) |
||
| Line 3: | Line 3: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| − | | Difficulty || | + | | Difficulty || Hard |
|- | |- | ||
| Topics || testing, tempest | | Topics || testing, tempest | ||
| Line 11: | Line 11: | ||
Intro - Why we need it | Intro - Why we need it | ||
| + | OpenStack project is getting larger and more complex. It's adoption has also increased significantly, with customers expecting it to be more secure. Currently, many efforts are underway to ensure OpenStack platform is secure. But, an automated mechanisms to test for vulnerabilities is not part of OpenStack testing/ gating process yet. This results in most of the vulnerabilities reported are discovered at the customer site. | ||
| + | |||
| + | There are different mechanisms to test for security vulnerabilities, Fuzz testing being most popular of them. This project aims at enabling fuzz testing of OpenStack APIs and integrating such tests with OpenStack test framework such as Tempest. | ||
== Assumed Knowledge == | == Assumed Knowledge == | ||
| + | * Python | ||
| + | * Introduction to OpenStack or Cloud Management Platforms is preferred, but not required | ||
| + | * Introduction to Fuzz testing/ Penetration testing is preferred, but not required | ||
== Project Goals == | == Project Goals == | ||
Revision as of 18:08, 14 February 2014
Contents
Implement a Fuzz testing framework that can be run on Tempest or a similar framework
| Difficulty | Hard |
| Topics | testing, tempest |
| Mentor | Sriram Subramanian |
Intro - Why we need it OpenStack project is getting larger and more complex. It's adoption has also increased significantly, with customers expecting it to be more secure. Currently, many efforts are underway to ensure OpenStack platform is secure. But, an automated mechanisms to test for vulnerabilities is not part of OpenStack testing/ gating process yet. This results in most of the vulnerabilities reported are discovered at the customer site.
There are different mechanisms to test for security vulnerabilities, Fuzz testing being most popular of them. This project aims at enabling fuzz testing of OpenStack APIs and integrating such tests with OpenStack test framework such as Tempest.
Assumed Knowledge
- Python
- Introduction to OpenStack or Cloud Management Platforms is preferred, but not required
- Introduction to Fuzz testing/ Penetration testing is preferred, but not required
Project Goals
- Enable project by project, success being enabling on at least 1 complete project
