Session Name: Fuzz Testing for Fun and Profit
A software test is no better than the data that drives it. Fuzz testing is a great way to find buggy, exploitable, or otherwise bad code – and if you’re working with a native application that operates on file input, it’s a solved problem. Grab AFL or some other all-in-one suite, hit go, and profit! But what about web services? What about managed applications? For a service-based developer, fuzz testing your HTTP serving layer isn’t all that interesting if you’re running on the latest version of Apache. Fuzz testing your application along its interface boundaries, though? Very interesting – and not a problem that can always solved with an all-in-one suite off the shelf. In this technical talk, Melissa will demonstrate not just about what fuzz testing is, but how to use it to test a service architecture at every level and interface as a key part of any continuous delivery strategy. Using real-life examples and experience, she will demonstrate how easy it can be to integrate both mutation and generation fuzzing into an existing test strategy for services that operate at any scale – from micro to global. Every services developer should be able to feel confident not only that they’ve sanitized their inputs, but that they’ve been validated!
Melissa Benua has worked in nearly every software development role—dev, test, DevOps, and program management—at companies big and small and somewhere in-between. She's created and run high availability, high-quality services for PlayFab, Bing, Cortana, and Xbox One, and now for mParticle's enormous data platform. Melissa discovered her love of massively-scaled systems while growing the Bing backend, where she honed the art of keeping highly-available complex systems up while undergoing significant code churn. Now an engineering manager with mParticle, she’s passionate not only about maximizing efficiency both in her product code and in her developer tools but also about sharing best practices among colleagues and the tech world at large.