News
Grades
Written on 24.04.18 by Bjoern Mathis
Dear Students, you can see your final grades in the CMS. Due to a shoulder injury of Prof. Zeller, the grading took longer than expected. We wish all of you a lot of success in your further studies.

Project 5 and Project 6
Written on 23.03.18 by Bjoern Mathis
The results for project 5 and project 6 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

Project 4 Results
Written on 28.02.18 by Bjoern Mathis
The results for project 4 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

Project 3 Results
Written on 19.02.18 by Bjoern Mathis
The results for project 3 are uploaded. You can see them on your personal page. If you have any concerns, feel free to contact us.

No lecture this Thursday; in-depth talks and seminar this Spring
Written on 31.01.18 by Andreas Zeller
Dear all,
the planned talk by Christian Holler this Thursday had to be cancelled on short notice. Hence, there will be no lecture this week; feel free to spend the extra time on your final projects.
Christian will give his talk on "fuzzing in the large" later this Spring; we will send out an invite to you all as soon as the details are fixed.
We will also run a "Fuzzing lab" seminar this Summer semester, where you will have the opportunity to apply the techniques from the lecture on a large project. Details on the seminar and how to register will be announced here as well.
Thank you very much for joining us in the course – it's been a great time for us, and we hope you had some fun, too!
Keep on fuzzing,
Andreas Zeller

Project 6
Written on 29.01.18 by Bjoern Mathis
We uploaded project 6. The official starting date of this project is Thursday, 2/1/2018. Nevertheless, you can start with the project from now on. Furthermore, since the exam phase is now also starting, you will receive 3 weeks of working time. If you have any questions (especially regarding the assignment), please do not hesitate to ask questions.

Project 2 Results
Written on 19.01.18 by Bjoern Mathis
The results for project 2 are uploaded. You can see them on your personal page.

Project 5
Written on 18.01.18 by Bjoern Mathis
Project 5 is uploaded. Submit until 02.02.2018 04:00.

Project 4 Deadline Extension
Written on 09.01.18 by Bjoern Mathis
The submission deadline for project 4 has been extended until Friday, 2018-01-19 at 4 am. This extension has no effect on any upcoming deadlines.

Implementing For loop -- Hints
Written on 05.01.18 by Rahul Gopinath
For those who are having trouble with implementing a `for loop`, think how you can translate a `for loop` to a `while loop` in Python.

Project 1 Grade Adjustment
Written on 04.01.18 by Bjoern Mathis
We have adjusted your grades for Project 1 to better represent your performance.

Project 1 Results
Written on 22.12.17 by Bjoern Mathis
The results for Project 1 are uploaded, you can see them on your personal status page.

Memory profiling
Written on 19.12.17 by Rahul Gopinath
If you find that the memory usage of your Python program is increasing suspiciously, Python 3.4 and later has a new memory profiling API called tracemalloc. The tracemalloc module allows you to take a snapshot of your memory at various points, and compare them to determine which objects have grown. An example from the Python documentation below:

```python
import tracemalloc

tracemalloc.start()
# ... start your application ...

snapshot1 = tracemalloc.take_snapshot()
# ... call the function leaking memory ...
snapshot2 = tracemalloc.take_snapshot()

top_stats = snapshot2.compare_to(snapshot1, 'lineno')

print("[ Top 10 differences ]")
for stat in top_stats[:10]:
    print(stat)
```

Solving the evofuzz - Hints
Written on 14.12.17 (last change on 15.12.17) by Rahul Gopinath
Note that in `evofuzz.py` you have this TODO:

```python
# TODO for STUDENTS: Change example.cgi_decode to the given function
import example
ffn.capture_coverage(lambda: example.cgi_decode(term))
cov_arcs = {(i,j) for f,i,j,src,l in ffn.cdata_arcs}
```

There are two things to notice here. The first is that you are collecting the coverage only for the `cgi_decode` or the corresponding function. However, if you trace how the branch coverage gets called, you will see that the branch coverage includes lines from evofuzz.py. Your first job is to filter that. (This is why the cov_arcs assignment is left as a statement there.) Filter the cov_arcs to contain only those lines that belong to `cgi_decode` or whichever function you are using. You can query the CFG (cfg variable) which is a hashmap with lines as keys for those lines that belong to a specific function.

Second, you do not need the sentinel node. You will get errors saying node '0' is not present in branch_cov. You can safely delete the node 0 by `del ffn.branch_cov[0]`.

You will need to do the same while collecting the covered/not-covered nodes. That is, choose only those nodes such that both parent and child are in cfg, and has function `cgi_decode`.

Here is another piece of the puzzle. You need to only look for uncovered nodes within the function cgi_decode and check_triangle. That is, you can safely filter out the nodes from the main when you look for un-covered nodes. The following fragment will do that for you.

```python
def useful(p):
    return ffn.cfg[p]['function'] not in ['', 'main']

def not_covered_nodes(cfg):
    not_covered = set()
    for l in ffn.cfg:
        if not useful(l): continue
        for p in ffn.cfg[l]['parents']:
            if not useful(p): continue
            if (p, l) not in cov_arcs:
                not_covered.add((p, l))
    return not_covered

not_covered = not_covered_nodes(ffn.cfg)
```

You are welcome to ping me or come to my office if you are completely stuck.

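The arc filtering described in the hint above, as an added, self-contained example (not the course's own code). It uses a constructed CFG dictionary and a constructed trace instead of the `ffn` module; the names `CFG`, `RAW_ARCS`, `in_target`, `filter_arcs` and `uncovered_arcs` are assumptions made for illustration.

```python
# Added example: constructed data, not the course's ffn module.
# CFG maps a line number to a node; only the 'function' and 'parents'
# fields that appear in the fragment above are modelled.
CFG = {
    0:  {'function': '',           'parents': []},      # sentinel node
    1:  {'function': 'cgi_decode', 'parents': [0]},
    2:  {'function': 'cgi_decode', 'parents': [1]},
    3:  {'function': 'cgi_decode', 'parents': [2]},
    4:  {'function': 'cgi_decode', 'parents': [2, 3]},
    10: {'function': 'main',       'parents': [0]},
    11: {'function': 'main',       'parents': [10]},
}

# Constructed trace in the 5-tuple shape (f, i, j, src, l) unpacked above.
# The src and l values are placeholders; the page does not define them.
RAW_ARCS = [
    ('example.py', 0, 1, '', 0),       # sentinel -> function entry
    ('example.py', 1, 2, '', 0),
    ('example.py', 2, 4, '', 0),
    ('example.py', 10, 11, '', 0),     # arc inside main
    ('evofuzz.py', 120, 121, '', 0),   # arc from the fuzzer itself
]

def in_target(cfg, line, targets):
    """True if line is a CFG node that belongs to one of the target functions."""
    node = cfg.get(line)
    return node is not None and node['function'] in targets

def filter_arcs(raw_arcs, cfg, targets):
    """Keep only arcs whose both ends lie inside the target functions."""
    return {(i, j) for _f, i, j, _src, _l in raw_arcs
            if in_target(cfg, i, targets) and in_target(cfg, j, targets)}

def uncovered_arcs(cfg, cov_arcs, targets):
    """CFG edges (parent, child) inside the targets that were never executed."""
    missing = set()
    for line, node in cfg.items():
        if not in_target(cfg, line, targets):
            continue
        for parent in node['parents']:
            if in_target(cfg, parent, targets) and (parent, line) not in cov_arcs:
                missing.add((parent, line))
    return missing

TARGETS = {'cgi_decode'}
COV_ARCS = filter_arcs(RAW_ARCS, CFG, TARGETS)
NOT_COVERED = uncovered_arcs(CFG, COV_ARCS, TARGETS)
```

The sentinel arc, the arc inside `main` and the fuzzer's own arc all drop out of `COV_ARCS`, so `NOT_COVERED` lists only branches of the function under test that no input has reached yet.
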
Project 3 Deadline Extended
Written on 14.12.17 by Bjoern Mathis
Due to numerous reports of technical difficulties we are extending the deadline of project 3 by one week (Friday 2017-12-22, 4am).

Office Hour
Written on 13.12.17 by Nikolas Havrikov
Due to popular demand we will hold an office hour tomorrow (Thursday 2017-12-14) from 11:00 to 12:00 in room 2.22 in CISPA. Feel free to drop by to discuss your technical questions.

Disabling pygraphviz
Written on 12.12.17 by Rahul Gopinath
For those on Ubuntu 16.xx that are unable to install pygraphviz, it is possible to make do with a pure python library called pydot. Once you have installed pydot with `pip3 install pydot`, these are the changes in pycfg.py that can get you the dot file. Once you have the dot file created with a command such as `python3 pycfg.py cgidecode.py -d -y example.cov`, you can open the dotfile, and paste its contents in `http://viz-js.com/` to view the generated graph.

Fixed Error in JSON Grammar
Written on 11.12.17 by Bjoern Mathis
We fixed a small error in the JSON grammar which caused a "No Parse" for some of your generated inputs. A wrong ordering in the "$NUMBER" production rule caused the faulty behavior. Please make sure to update to the latest version of the "project3.zip" file, in particular the newest JSON grammar file.

Updated Test Subjects
Written on 04.12.17 by Bjoern Mathis
We updated the test subjects in the project zip to make calling the subjects easier for you. Now each subject contains a method called main which expects a string as argument.

Bug in Branch Distance Computation
Written on 01.12.17 by Bjoern Mathis
We found a bug in the branch distance computation and updated the slides of lecture 7 accordingly. Also, we updated the files under "Code Samples" and in project 3. Please update your project code accordingly (i.e. interp.py and dexpr.py). Furthermore, we made some clarifications regarding the needed dependencies of our provided libraries in the project 3 description.

Project 3
Written on 23.11.17 by Bjoern Mathis
Project 3 will be handed out next Thursday (11/30/17) evening.

Project 1 Deadline Extension
Written on 10.11.17 by Bjoern Mathis
The submission deadline for project 1 has been extended until Tuesday, 2017-11-14 at 4 am. This extension has no effect on any upcoming deadlines.

Security Testing
Topics and Lectures
- Intro
- Fuzzing
- Simplifying Tests
- Testing with Mutations
- Testing with Grammars
- Grammar Inference
- Taint Analysis
- Coverage-Driven Testing
- Search-Based Testing
- Solving Constraints
- Inferring Preconditions
- Mutation Analysis
- Automated Repair and Protection
- Test Carving and Decomposition
Advanced course (6 CP)
- 12-14 lectures
- Thu 14-16 @ CISPA Lecture Hall
- Start: Oct 19