"Some birds aren't meant to be caged, their feathers are just too bright"- Morgan Freeman, Shawshank Redemption. This blog is from one such bird who couldn't be caged by organizations who mandate scripted software testing. Pradeep Soundararajan welcomes you to this blog and wishes you a good time here and even otherwise.

Friday, November 13, 2009

Rahul Verma on Fuzzing for software testers : Nov 23, 2009

I think I was stupid to have missed mentioning this tutorial from Rahul Verma on Fuzzing for software testers in my previous post. My apologies to all testers from India for overlooking at our own indigenous talent. Rahul, please forgive me.

Fuzzing is a very interesting topic and I dont want to loose out on attending his session in Bangalore.Have you ever corrupted a file? Have you been curious to see what happens to your system when the database is corrupted? What happens to a live / production server if a file is corrupted? Have you ever experienced a file/data corruption at the customer end and the ripples it caused your organization. I know its very important and thankfully Rahul has focused on it much beyond most of us. If I could better my fuzzing skills, I can extend my competitive advantage.

Once I was a part of a test team whose responsibility was to test multimedia streaming on a Pocket PC. Pesticide Paradox kicked in and our test data was no longer helping us to find problems.


  • With the help of a few multimedia content generators, we generated test data that astounded the whole team with the volume of the problems it helped us find. We had lots of media clips whose configuration was perfect and as per requirement - the player and pocket PC should play. They were doing fine but the moment we introduced a real media file derived from an mp3 file which in turn was derived from a real media file, we found some amazing bugs.
  • Imagine, taking a file, converting it to format A to format B and then reconverting it to format A. Is the end result file supposed to be the same as how it started?
  • Imagine opening an input file as a binary and take out the End of File indicator, how would the system handle it?
  • Wow! I dont know how it makes you feel but to me I am so much excited of how the system will respond?
  • I know about a few ways of corrupting data and packets. I am sure my armory of test ideas is going to expand after attending Rahul's session.

Fortunately, there is a week's time for us to register. To know if it is worth the money, here is my recommendation about Rahul Verma:

I have personally interacted with him and think he is unique. He is well read, focused, 10000% more disciplined than me, honest, a rare breed of performance-security-automation combo guy. A great presenter, you will be spell bound with his presentation skills. I cant take a minute of my eyesight out if this guy is presenting.


What worth is my money in bank if I cant spend it to learn things that makes me a better tester. Oh, you think I am rich? Yes, I am and it indicates that my investment plans have been good so far. Here is my next systematic investment:

To Conference Organizers : Here is my registration for this tutorial. I am participating, block a seat for me.

3 comments:

Anuj Magazine said...

I had attended Rahul's session on Fuzzing in STEPin forum and i could not agree more with positive things you have mentioned about him regarding the Presentation skills. I think his session then left everyone spellbound.
All the best, Rahul for the session.

Regards,
Anuj
http://anujmagazine.blogspot.com

Rahul Verma said...

Pradeep,

It's very kind of you to talk such good things about me and that too by dedicating a blog post for the purpose.

This leaves me with a lot of responsibility for the people who are going to attend the session. So, in a way, you have made things difficult for me :-)

Fuzzing as a subject is complex and there are a lot of wonderful guys in the software security world who are miles and miles ahead of me. Still, nobody talked on the subject in the Indian testing conferences. I have been conducting my humble sessions solely for software testers to introduce the subject and the strength of fuzzing. To enable this, I have designed the tutorial to discuss the subject in a very simple way, but discussing its various dimensions at the same time.

Anuj,
Thanks to you too. I hope that even this session turns out to be meaningful for the audience.

Regards,
Rahul

Pradeep Soundararajan said...

@Rahul,

This leaves me with a lot of responsibility for the people who are going to attend the session. So, in a way, you have made things difficult for me :-)


A lot compared to what? :)

Fuzzing as a subject is complex and there are a lot of wonderful guys in the software security world who are miles and miles ahead of me. Still, nobody talked on the subject in the Indian testing conferences. I have been conducting my humble sessions solely for software testers to introduce the subject and the strength of fuzzing. To enable this, I have designed the tutorial to discuss the subject in a very simple way, but discussing its various dimensions at the same time.

We could catch up soon and you may be our bridge. Keep walking.