Security Testing Andreas Zeller + Leon Bettscheider + Marius Smytzek

News

25.11.2021

Exercise 3 Solution

Dear Students,

We have uploaded an example solution for exercise 3; you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page.

24.11.2021

Exercise 5

Dear Students,

We have published exercise 5. You can find it under Information > Material. Please read the chapter on Code Coverage for this exercise.

The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve.

We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 5. December 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions.

22.11.2021

Lecture going online-only starting tomorrow

Dear all,

In light of new COVID-related regulations regarding access to CISPA and the general call for reducing physical contacts, our next lectures will be online-only via Zoom.

You can join the lecture every Tuesday at 16:15 using the "Zoom" link in the "Information" menu at the top of the course CMS site. Presentations during the lecture will be recorded (and included in the book).

We hope to return to physical lectures as the COVID situation improves. You can do your part by

  • getting vaccine and/or booster shots (with your doctor or at one of the Saarland mobile vaccination sites)
  • reducing physical contacts
  • wearing masks
  • maintaining personal hygiene

and encouraging others to do so, too.

Stay safe, stay healthy, and see you on Tuesday.

Andreas Zeller

 

17.11.2021

Project 1 Windows Support

Dear Students,
As some of you already noticed, running the fuzzer on Windows machines had some issues. We have now uploaded a new revision of the Project that should solve these problems for Windows users. The sheet.pdf explains the prerequisites for running the fuzzer on Windows.

16.11.2021

Exercise 4

Dear Students,

We have published exercise 4. You can find it under Information > Material. Please read the chapters Probabilistic Grammar Fuzzing and Fuzzing with Generators for this exercise.

The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve.

We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 28. November 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions.

16.11.2021

Project 1

Dear Students,

We have published project 1. You can find it under Information > Material.

The Zip file contains the required files for this project. The sheet.pdf contains the tasks you should try to solve.

We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 02. January 2022 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions.

16.11.2021

Submission Validation Script

Dear Students,
We have uploaded a script to validate whether your submission was corrupted by compressing it. You can find it under Information > Material in the category Exercises. Run the script as follows:

    $ python3 Submission_Validation_Script.py <path_to_your_submission_as_a_zip_file>

15.11.2021

Exercise 2 Solution

Dear Students,

We have uploaded an example solution for exercise 2; you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page.

09.11.2021

Exercise 3

Dear Students,

We have published exercise 3. You can find it under Information > Material. Please read the chapters Efficient Grammar Fuzzing and Grammar Coverage for this exercise.

The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve.

We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 21. November 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions.

09.11.2021

Exercise 1 Solution

Dear Students,

We have uploaded an example solution for exercise 1; you can find it in the category Solutions under Information > Material. You can find your points for this exercise on your Personal Status page.

04.11.2021

Fuzzingbook 1.0 out of beta

Hi everyone,

We just moved the latest version of The Fuzzing Book out of beta. So, from now on, to read the book, you can directly go to

    www.fuzzingbook.org

We will continuously update chapters with videos, quizzes, and more before giving them out as reading assignments.

To install the code package, you can now simply use

    pip install fuzzingbook

to obtain version 1.0 (with support for and requiring Python 3.9).

This is the same code as already contained in the previous 1.0rc2 package, so if you already installed that one, there's nothing you need to do. Still, please let us know if you encounter any problems.

Keep up the good work -- your friendly course instructors

04.11.2021

Exercise 0 Solution

Dear Students,

We have uploaded an example solution for exercise 0; you can find it in the category Solutions under Information > Material. Besides, you can find your points for this exercise on your Personal Status page.

03.11.2021

Exercise 2

Dear Students,

We have published exercise 2. You can find it under Information > Material. Please read the chapter Fuzzing with Grammars for this exercise.

The Zip file contains the required files for this exercise. The sheet.pdf contains the tasks you should try to solve.

We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 14. November 23:59 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions.

26.10.2021

Exercise 1

Dear Students,

We have published exercise 1. You can find it under Information > Material. Please read the chapter Fuzzing: Breaking Things with Random Inputs for this exercise.

The Zip file compresses the required files for this exercise. The sheet.pdf contains the tasks you should try to solve.

We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 7. November 24:00 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions.

20.10.2021

Exercise 0 Correction

Dear Students,

There was a mistake in exercise 0-3b. The code for this exercise should be:

    import random
    # import the fuzzing book chapter here

    if __name__ == '__main__':
        random.seed()
        data = '' # call the fuzzer function here to generate data
        with open('solution_3b.txt', 'w') as f:
            f.write(data)

The new uploaded revision of the exercise fixes this problem.

19.10.2021

Exercise 0

Dear Students,

We have published the first exercise (0). You can find it under Information > Material in the category exercises.

The Zip file compresses the required files for this exercise. The sheet.pdf contains the tasks you should try to solve.

We ask you to submit your solutions via the CMS on your Personal Status page. You have time until 31. October 24:00 to upload your solutions as a Zip file. Note that we cannot evaluate delayed submissions.

19.10.2021

Today's announcements and more videos

Dear all,

Thanks for attending today's lecture! This was our first hybrid lecture, and given all the things that could have gone wrong, we feel it went rather well :-) For those of you who could not attend, we have recorded the part with all the important announcements and questions:

We also have started adding videos to the chapters assigned to you for reading (this week: Introduction to Testing). As of now, you will find all chapters with videos on

which is the site we use for testing before things get moved to the "official" site at www.fuzzingbook.org. In a week from now, our tests for fuzzingbook 1.0 will be complete and from then on, both sites should be synchronized.

Our first exercise sheet will go out by tomorrow, letting you get acquainted with Python and Jupyter.

Enjoy the read!

Andreas

 

18.10.2021

Important information regarding face-to-face lectures and courses

Dear students,

welcome back on campus. Lectures and courses can be held again in presence. But whoever participates in such an event at the university must provide the 3G verification, which means either complete vaccination, recovery or a negative test (twice a week). Therefore, we ask you to read the following information carefully, because an official control can be expected at any time.

The 3G verification is done by using and truthfully stating it in the Staysio-App. If you are unable to enroll yourself via smartphone, use this web form

[https://www.uni-saarland.de/fileadmin/upload/page/coronavirus/Alternativformular-Staysio.pdf]

It can be filled out and printed online beforehand and must be submitted to the instructor(s) prior to the event. It will then be kept for four weeks in accordance with our data protection declaration and then destroyed.

If you have a smartphone but cannot download the app

If you are unable to download the Staysio App, in particular due to a foreign account in the Playstore or Appstore, you can also use this web application: https://www.staysio.de/#/visitor

  1. Scan the posted QR code with a QR reader app that you have installed on your cell phone. With modern devices, this function is often integrated directly into the camera. Open the linked website that is displayed to you.
  2. In the opened page you are asked if you want to install the app or continue to the web registration. If you choose the web registration, you will be redirected to the registration form.
  3. Create your contact details and those of your accompanying person(s) once. The created contacts will be saved on your smartphone for future visits.
  4. If all persons are registered, you can register all of them with the corresponding button. The logout is automatically performed overnight.

Please constantly check the official information on the website of Saarland University

https://www.uni-saarland.de/en/division/ls/informationen-zum-semesterbetrieb/winter-semester-2021-22.html

All the best,

The CS Department

18.10.2021

Welcome to Security Testing!

Welcome to the "Security Testing" course! We very much look forward to meeting you every Tuesday at 16:15 – either

In this first meeting (and we hope that many of you will join us in person!), we are going to introduce you to the organization of the course, and happily take and address all your questions. Note that the discussion meetings will not be recorded.

Here are some first steps for you to get started for the course:

  1. Check out the book: Go to The Fuzzing Book (beta version) and check out the first chapter "Introduction to Software Testing". We will update all chapters with introduction videos in the next days, so you can read and watch :-)
  2. Toy with the code: From any chapter, select "Resources → Edit as Notebook" in the top menu, and enter a Jupyter Notebook where you can interact with the code as you like.
  3. Get the program code: Follow the instructions on how to install the code and get started with Python. However, instead of "pip install fuzzingbook", please use
        $ pip install --extra-index-url https://test.pypi.org/simple/ fuzzingbook==1.0rc2
    and you should get an all-new FuzzingBook 1.0 package that auto-installs all dependencies and is updated for Python 3.9.
    (We will release this package into the official pip channel in a week from now, so "pip install fuzzingbook" will get you the same as the above)

If you need help, we offer a Mattermost channel where you can find chat rooms for all sorts of questions regarding the course, exercises, and projects.

And of course, there always is the course page with all news and links:

Looking forward to working with you, and see you soon!

Andreas + Leon + Marius


Security Testing

Software has bugs, and catching bugs can involve lots of effort. This course addresses this problem by automating software testing, specifically by generating tests automatically. Recent years have seen the development of novel techniques that lead to dramatic improvements in test generation and software testing.  In this course, we explore these techniques – in theory and in code.

Course Organization

Every week, you will be provided with Jupyter Notebooks that teach a particular topic and illustrate it using plenty of runnable Python code.  These notebooks come from The Fuzzing Book, a textbook on how to generate software tests written by yours truly.

In the notebook, you can edit the code as you like, run your own experiments, and re-use and extend the code to your liking.  Your task will be to use these techniques (and their code) to build a series of fuzzers (i.e. test generators) that find bugs in a number of challenging settings.

Meetings

This course uses the "inverted classroom" principle – you learn at home, and discuss issues with your instructor.  In our weekly meeting, we use the gathering in the lecture hall to

  • discuss the assignment of last week
  • discuss the assignment of next week
  • discuss ongoing projects as well as general questions.

These meetings come with live coding, so we can explore ideas right on the go.

Projects

During this course, you apply the techniques learned in weekly exercises and two projects which form your coursework. Projects are graded for effectiveness, efficiency, elegance, and creativity. Projects offer special challenges which allow you to gain bonus points.

Exercises

Every week, you get a simple exercise assignment covering the material of the last lecture. Performance in these exercises will make 33% of the final grade.  Note that there is no final exam.

Requirements

Advanced programming skills (such as obtained after two years of successfully studying CS) are required. Knowledge in Python is useful, but can easily be acquired along the course.

Passing Criteria and Grading

To pass this course, you need to have

  • at least 50% of the points in each of the projects, and
  • at least 50% of the total exercise points.

Your final grade is determined by 66% projects and 33% exercises (see above).

Lecture Plan

The course is organized as "inverted classroom": Every week, we discuss a chapter of the book, which will be supplied with an introduction video; we meet once a week to discuss the material, the associated exercises, and the ongoing projects.

The sequence of chapters is different from the book; in order to synchronize with the projects, we first discuss black-box techniques, then white-box techniques, and then domain-specific approaches.

2021-10-19: Introduction to the course; Introduction to Software Testing
2021-10-26: Introduction to Fuzzing
2021-11-02: Fuzzing with Grammars
2021-11-09: Efficient Grammar Fuzzing; Grammar Coverage
2021-11-16: Probabilistic Grammar Fuzzing (makes use of Parsing Inputs); Fuzzing with Generators
2021-11-23: Code Coverage
2021-11-30: Mining Input Grammars (guest lecture)
2021-12-07: Mutation-Based Fuzzing; Greybox Fuzzing
2021-12-14: Greybox Fuzzing With Grammars
2021-01-04: Tracking Information Flow; Concolic Fuzzing
2021-01-11: Symbolic Fuzzing
2021-01-18: Fuzzing Configurations; Fuzzing APIs
2021-01-25: Testing Web Applications; Testing Graphical User Interfaces
2021-02-01: Reducing Failure-Inducing Inputs
2021-02-08: When to Stop Fuzzing (guest lecture) + Current Trends in Fuzzing Research

The lecture plan may be subject to changes; these will be announced in time.

Date, Time, Location

  • 15 lectures
  • 6 Credit Points
  • In-presence tutorial and discussion every Tuesday 16:15–17:45, CISPA, Lecture Hall 0.05
  • Optional attendance via Zoom (see "Information → Zoom" in the menu above for the link)
  • Start: Tuesday October 19

