This is fun. In the last few blogs I’ve talked a lot about how cloud and mobile apps are changing everything. Okay, that should be Changing. Everything. Again. But while HP, IBM and CA are busy solving the challenges of Enterprise Apps and IXIA and Spirent are busy pushing gobs of packets around, the cloud and mobile apps are just exploding. This is the NoSQL movement, HTML5, H.264 videos in your browser, spanking new iPhone and Android apps every day and so on. This short video below summarizes the challenges of testing the world that’s changing around us.
Archive for July 2010
Testing an Application, Infrastructure and a Service
This one’s been in the works for a while. I keep comparing application testing to infrastructure testing and then pondering where the major revolution is happening right now and I can’t help but talk about it. Since I don’t do well with numbers and tables (*yawn*), I thought I’ll doodle a few graphs to visualize the differences. Besides, paraphrasing Calvin, a blog is authoritative and written by a professional when it has charts! :-)
Testing HTML5 Applications
There are two kinds of test tool vendors in the world. Those that count in binary and those that don’t. Okay, stale joke aside there are those that test applications (like Mercury, now part of HP, IBM, etc) and those that test the infrastructure (like IXIA, Spirent, etc). Mu was founded on the premise that this boundary is blurring rapidly and there needs to be a new kind of testing solution that spans the layers between applications and infrastructures and looks at the service as a whole. As we look into the imminent future of HTML5 and the innovation in mobile and cloud apps, you can see this in play right now. And yet all these test tool vendors are lagging behind this brave new world.
Application Fuzzing with Mu Studio
Fuzzing has in the past mostly been relegated to protocols and file formats. With the huge surge in mobile apps, cloud applications, virtualization and social gaming, not to mention a RESTful API for everything these days, the challenge becomes generating fuzz tests rapidly for these applications. This is not just for the actual services, but also for the application-aware systems that are getting smarter by the day. We now have Deep Packet Inspection, Application Identification and a host of new technologies that allow firewalls and UTM’s to inspect application flows for compliance, QoS and access control.
Solving Ann’s Aurora Forensics Contest with xtractr
Had a little time to look into Ann’s Aurora, a forensic contest posted by SANS Digital Forensics. First of all, I got to say, these contests are totally awesome as it gives the opportunity for forensics investigators to try out new ideas and build new tools to solve very real problems. The solution to this has already been published by @McGrewSecurity where he posted a new tool called pcapline.py. It’s a tool that carves out embedded content in pcaps amongst other things. Very slick.
