Implement a Fuzz testing framework that can be run on Tempest or a similar framework
OpenStack project is getting larger and more complex. It's adoption has also increased significantly, with customers expecting it to be more secure. Currently, many efforts are underway to ensure OpenStack platform is secure. But, an automated mechanisms to test for vulnerabilities is not part of OpenStack testing/ gating process yet. This results in most of the vulnerabilities reported are discovered at the customer site.
There are different mechanisms to test for security vulnerabilities, Fuzz testing being most popular of them. This project aims at enabling fuzz testing of OpenStack APIs and integrating such tests with OpenStack test framework such as Tempest.
- Introduction to OpenStack or Cloud Management Platforms is preferred, but not required
- Introduction to Fuzz testing/ Penetration testing is preferred, but not required
- Design and Implement Fuzz testing framework that can fuzz OpenStack APIs by generating configurable combninarions (random or pattern based)
- Integrate above fuzz test framework with OpenStack Tempest test framework
- Enable fuzz testing on at least one OpenStack project (OpenStack Nova for example)
- Enable on more than one OpenStack project (OpenStack Swift for example)
- Enable automated reporting of security vulnerabilities to the OpenStack Security Group
|Student Name||Student Proposal|