top

Project Springfield - Microsoft’s Cloud-Based Service For Testing Applications

Microsoft has come up with the new cloud-based service called Project Springfield  for developers which help them to test application binaries for security bugs before deployment. “Whitebox fuzzing” is being used in this service, which lets developers find software bugs that are used by hackers to exploit systems. There are two different approaches to do fuzzing tests, one by giving random inputs given to the software to find something that breaches the code and the other one is static code analysis or “white boxing” it just looks the code and walks through it without executing it, range of inputs are given to find if any bugs are present in the software. Some of the features in the above-mentioned approaches are used for Whitebox fuzzing. In this process, initially, the sample inputs are taken by white box tester which dynamically generates a new set of inputs to check the performance of the code by going through the process. Machine learning techniques are used; frequently   system runs the code through the fuzzing sessions, adapting its approach based on what it find with the each iteration. This technique is similar to techniques which are built by the competitors in the Defense Advanced Research Projects Agency's Cyber Grand Challenge that allows automated bug detection and patching. Microsoft’s internal Whitebox fuzzing tool called SAGE which was developed by a Microsoft Research scientist, Patrice Godefroid and his team which is the basic foundation for the new service. Initially, SAGE was used in testing Windows 7 prior to its release and for discovering bugs by fuzzing tools, in spite of being used after all other testing completion. SAGE is now the basic foundation for Project Springfield, which is lead by Godefroid. This service puts the fuzz-testing system in the Azure cloud   behind a dashboard. Users can upload their code for testing along with a “test driver”-an interface for giving sample inputs to the code. Project Springfield service works with Windows binaries and this service is available in limited preview. In the coming days, even Linux testing will be available.  
Rated 4.0/5 based on 20 customer reviews
Normal Mode Dark Mode

Project Springfield - Microsoft’s Cloud-Based Service For Testing Applications

Geneva Clark
What's New
29th Sep, 2016
Project Springfield - Microsoft’s Cloud-Based Service For Testing Applications

Microsoft has come up with the new cloud-based service called Project Springfield  for developers which help them to test application binaries for security bugs before deployment. “Whitebox fuzzing” is being used in this service, which lets developers find software bugs that are used by hackers to exploit systems.

There are two different approaches to do fuzzing tests, one by giving random inputs given to the software to find something that breaches the code and the other one is static code analysis or “white boxing” it just looks the code and walks through it without executing it, range of inputs are given to find if any bugs are present in the software.

Some of the features in the above-mentioned approaches are used for Whitebox fuzzing. In this process, initially, the sample inputs are taken by white box tester which dynamically generates a new set of inputs to check the performance of the code by going through the process. Machine learning techniques are used; frequently   system runs the code through the fuzzing sessions, adapting its approach based on what it find with the each iteration. This technique is similar to techniques which are built by the competitors in the Defense Advanced Research Projects Agency's Cyber Grand Challenge that allows automated bug detection and patching.

Microsoft’s internal Whitebox fuzzing tool called SAGE which was developed by a Microsoft Research scientist, Patrice Godefroid and his team which is the basic foundation for the new service. Initially, SAGE was used in testing Windows 7 prior to its release and for discovering bugs by fuzzing tools, in spite of being used after all other testing completion. SAGE is now the basic foundation for Project Springfield, which is lead by Godefroid. This service puts the fuzz-testing system in the Azure cloud   behind a dashboard. Users can upload their code for testing along with a “test driver”-an interface for giving sample inputs to the code.

Project Springfield service works with Windows binaries and this service is available in limited preview. In the coming days, even Linux testing will be available.  

Geneva

Geneva Clark

Blog Author
Geneva specializes in back-end web development and has always been fascinated by the dynamic part of the web. Talk to her about modern web applications and she and loves to nerd out on all things Ruby on Rails.

Leave a Reply

Your email address will not be published. Required fields are marked *

SUBSCRIBE OUR BLOG

Follow Us On

Share on

other Blogs

20% Discount