![Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. artwork](https://is2-ssl.mzstatic.com/image/thumb/Podcasts/v4/72/67/63/726763f4-d563-024c-5880-49dcaabf2fb4/mza_7096284172862428647.jpg/100x100bb.jpg)
Bryan Sullivan: Premature Ajax-ulation
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
English - January 09, 2006 23:10 - 1 hour - 119 KB Video - ★★★★★ - 1 ratingTechnology News Tech News blackhat usa 2006 black hat vegas blackhat vegas hacking convention computer security speeches presentations spoken word video Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases.
Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened against attack, something more sophisticated is required. Evolutionary algorithms can be used to gain the benefits of both approaches: tests that are better directed than random test cases but are not rigidly tied to data types.
This topic has been a hot one in the security industry for several years. Many approaches use code coverage or debugging techniques as key inputs for test case generation. Though helpful, these require complete access to the system under test.
This talk will cover the use of evolutionary algorithms in blind security testing, with an emphasis on test case generation and evaluation of test results. The concepts presented can be applied to any application under test, though this presentation will use web applications as the systems under test.