GSoC2014/Testing/Fuzz

Revision as of 18:16, 14 February 2014 by Sriramhere (talk | contribs) (Implement a Fuzz testing framework that can be run on Tempest or a similar framework)

Implement a Fuzz testing framework that can be run on Tempest or a similar framework

Difficulty: Hard
Topics: testing, tempest
Mentor: Sriram Subramanian

Introduction

The OpenStack project is getting larger and more complex. Its adoption has also increased significantly, with customers expecting it to be more secure. Currently, many efforts are underway to ensure the OpenStack platform is secure. However, an automated mechanism to test for vulnerabilities is not yet part of the OpenStack testing/gating process. As a result, most of the reported vulnerabilities are discovered at the customer site.

There are different mechanisms to test for security vulnerabilities, fuzz testing being the most popular of them. This project aims at enabling fuzz testing of OpenStack APIs and integrating such tests with an OpenStack test framework such as Tempest.

Assumed Knowledge

  • Python
  • Introduction to OpenStack or cloud management platforms is preferred, but not required
  • Introduction to fuzz testing/penetration testing is preferred, but not required

Project Goals

  • Design and implement a fuzz testing framework that can fuzz OpenStack APIs by generating configurable combinations (random or pattern based)
  • Integrate the above fuzz test framework with the OpenStack Tempest test framework
  • Enable fuzz testing on at least one OpenStack project (OpenStack Nova for example)

Project Nice-to-Haves

  • Enable on more than one OpenStack project (OpenStack Swift for example)
  • Enable automated reporting of security vulnerabilities to the OpenStack Security Group
Suggestions