top

Project Springfield - Microsoft’s Cloud-Based Service For Testing Applications

Microsoft has come up with the new cloud-based service called Project Springfield  for developers which help them to test application binaries for security bugs before deployment. “Whitebox fuzzing” is being used in this service, which lets developers find software bugs that are used by hackers to exploit systems. There are two different approaches to do fuzzing tests, one by giving random inputs given to the software to find something that breaches the code and the other one is static code analysis or “white boxing” it just looks the code and walks through it without executing it, range of inputs are given to find if any bugs are present in the software. Some of the features in the above-mentioned approaches are used for Whitebox fuzzing. In this process, initially, the sample inputs are taken by white box tester which dynamically generates a new set of inputs to check the performance of the code by going through the process. Machine learning techniques are used; frequently   system runs the code through the fuzzing sessions, adapting its approach based on what it find with the each iteration. This technique is similar to techniques which are built by the competitors in the Defense Advanced Research Projects Agency's Cyber Grand Challenge that allows automated bug detection and patching. Microsoft’s internal Whitebox fuzzing tool called SAGE which was developed by a Microsoft Research scientist, Patrice Godefroid and his team which is the basic foundation for the new service. Initially, SAGE was used in testing Windows 7 prior to its release and for discovering bugs by fuzzing tools, in spite of being used after all other testing completion. SAGE is now the basic foundation for Project Springfield, which is lead by Godefroid. This service puts the fuzz-testing system in the Azure cloud   behind a dashboard. Users can upload their code for testing along with a “test driver”-an interface for giving sample inputs to the code. Project Springfield service works with Windows binaries and this service is available in limited preview. In the coming days, even Linux testing will be available.  
Rated 4.0/5 based on 20 customer reviews
  1. Home
  2. Magazine
  3. Project Springfield - Microsoft’s Cloud-Based Service For Testing Applications
Normal Mode Dark Mode

Project Springfield - Microsoft’s Cloud-Based Service For Testing Applications

Geneva Clark
What's New
29th Sep, 2016
Project Springfield - Microsoft’s Cloud-Based Service For Testing Applications

Microsoft has come up with the new cloud-based service called Project Springfield  for developers which help them to test application binaries for security bugs before deployment. “Whitebox fuzzing” is being used in this service, which lets developers find software bugs that are used by hackers to exploit systems.

There are two different approaches to do fuzzing tests, one by giving random inputs given to the software to find something that breaches the code and the other one is static code analysis or “white boxing” it just looks the code and walks through it without executing it, range of inputs are given to find if any bugs are present in the software.

Some of the features in the above-mentioned approaches are used for Whitebox fuzzing. In this process, initially, the sample inputs are taken by white box tester which dynamically generates a new set of inputs to check the performance of the code by going through the process. Machine learning techniques are used; frequently   system runs the code through the fuzzing sessions, adapting its approach based on what it find with the each iteration. This technique is similar to techniques which are built by the competitors in the Defense Advanced Research Projects Agency's Cyber Grand Challenge that allows automated bug detection and patching.

Microsoft’s internal Whitebox fuzzing tool called SAGE which was developed by a Microsoft Research scientist, Patrice Godefroid and his team which is the basic foundation for the new service. Initially, SAGE was used in testing Windows 7 prior to its release and for discovering bugs by fuzzing tools, in spite of being used after all other testing completion. SAGE is now the basic foundation for Project Springfield, which is lead by Godefroid. This service puts the fuzz-testing system in the Azure cloud   behind a dashboard. Users can upload their code for testing along with a “test driver”-an interface for giving sample inputs to the code.

Project Springfield service works with Windows binaries and this service is available in limited preview. In the coming days, even Linux testing will be available.  

Geneva

Geneva Clark

Blog Author
Geneva specializes in back-end web development and has always been fascinated by the dynamic part of the web. Talk to her about modern web applications and she and loves to nerd out on all things Ruby on Rails.

Leave a Reply

Your email address will not be published. Required fields are marked *

SUBSCRIBE OUR BLOG

TRENDING BLOG POSTS

Python in a Nutshell: Everything That You Need to Know

Python is one of the best known high-level programming languages in the world, like Java. It’s steadily gaining traction among programmers because it’s easy to integrate with other technologies and offers more stability and higher coding productivity, especially when it comes to mass projects with volatile requirements. If you’re considering learning an object-oriented programming language, consider starting with Python.A Brief Background On Python It was first created in 1991 by Guido Van Rossum, who eventually wants Python to be as understandable and clear as English. It’s open source, so anyone can contribute to, and learn from it. Aside from supporting object-oriented programming and imperative and functional programming, it also made a strong case for readable code. Python is hence, a multi-paradigm high-level programming language that is also structure supportive and offers meta-programming and logic-programming as well as ‘magic methods’.More Features Of PythonReadability is a key factor in Python, limiting code blocks by using white space instead, for a clearer, less crowded appearancePython uses white space to communicate the beginning and end of blocks of code, as well as ‘duck typing’ or strong typingPrograms are small and run quickerPython requires less code to create a program but is slow in executionRelative to Java, it’s easier to read and understand. It’s also more user-friendly and has a more intuitive coding styleIt compiles native bytecodeWhat It’s Used For, And By WhomUnsurprisingly, Python is now one of the top five most popular programming languages in the world. It’s helping professionals solve an array of technical, as well as business problems. For example, every day in the USA, over 36,000 weather forecasts are issued in more than 800 regions and cities. These forecasts are put in a database, compared to actual conditions encountered location-wise, and the results are then tabulated to improve the forecast models, the next time around. The programming language allowing them to collect, analyze, and report this data? Python!40% of data scientists in a survey taken by industry analyst O’Reilly in 2013, reported using Python in their day-to-day workCompanies like Google, NASA, and CERN use Python for a gamut of programming purposes, including data scienceIt’s also used by Wikipedia, Google, and Yahoo!, among many othersYouTube, Instagram, Quora, and Dropbox are among the many apps we use every day, that use PythonPython has been used by digital special effects house ILM, who has worked on the Star Wars and Marvel filmsIt’s often used as a ‘scripting language’ for web apps and can automate a specific progression of tasks, making it more efficient. That’s why it is used in the development of software applications, web pages, operating systems shells, and games. It’s also used in scientific and mathematical computing, as well as AI projects, 3D modelers and animation packages.Is Python For You? Programming students find it relatively easy to pick up Python. It has an ever-expanding list of applications and is one of the hottest languages in the ICT world. Its functions can be executed with simpler commands and much less text than most other programming languages. That could explain its popularity amongst developers and coding students.If you’re a professional or a student who wants to pursue a career in programming, web or app development, then you will definitely benefit from a Python training course. It would help if you have prior knowledge of basic programming concepts and object-oriented concepts. To help you understand how to approach Python better, let’s break up the learning process into three modules:Elementary PythonThis is where you’ll learn syntax, keywords, loops data types, classes, exception handling, and functions.Advanced PythonIn Advanced Python, you’ll learn multi-threading, database programming (MySQL/ MongoDB), synchronization techniques and socket programming.Professional PythonProfessional Python involves knowing concepts like image processing, data analytics and the requisite libraries and packages, all of which are highly sophisticated and valued technologies.With a firm resolve and determination, you can definitely get certified with Python course!Some Tips To Keep In Mind While Learning PythonFocus on grasping the fundamentals, such as object-oriented programming, variables, and control flow structuresLearn to unit test Python applications and try out its strong integration and text processing capabilitiesPractice using Python’s object-oriented design and extensive support libraries and community to deliver projects and packages. Assignments aren’t necessarily restricted to the four-function calendar and check balancing programs. By using the Python library, programming students can work on realistic applications as they learn the fundamentals of coding and code reuse.
Rated 4.5/5 based on 12 customer reviews
Python in a Nutshell: Everything That You Need to Know

Python in a Nutshell: Everything That You Need to Know

Blog

The Ultimate Guide to Node.Js

IT professionals have always been in much demand, but with a Node.js course under your belt, you will be more sought after than the average developer. In fact, recruiters look at Node js as a major recruitment criterion these days.  Why are Node.js developers so sought-after, you may ask. It is because Node.js requires much less development time and fewer servers, and provides unparalleled scalability.In fact, LinkedIn uses it as it has substantially decreased the development time. Netflix uses it because Node.js has improved the application’s load time by 70%. Even PayPal, IBM, eBay, Microsoft, and Uber use it. These days, a lot of start-ups, too, have jumped on the bandwagon in including Node.js as part of their technology stack.The Course In BriefWith a Nodejs course, you learn beyond creating a simple HTML page, learn how to create a full-fledged web application, set up a web server, and interact with a database and much more, so much so that you can become a full stack developer in the shortest possible time and draw a handsome salary. The course of Node.js would provide you a much-needed jumpstart for your career.Node js: What is it?Developed by Ryan Dahl in 2009, Node.js is an open source and a cross-platform runtime environment that can be used for developing server-side and networking applications.Built on Chrome's JavaScript runtime (V8 JavaScript engine) for easy building of fast and scalable network applications, Node.js uses an event-driven, non-blocking I/O model, making it lightweight and efficient, as well as well-suited for data-intensive real-time applications that run across distributed devices.Node.js applications are written in JavaScript and can be run within the Node.js runtime on different platforms – Mac OS X, Microsoft Windows, Unix, and Linux.What Makes Node js so Great?I/O is Asynchronous and Event-Driven: APIs of Node.js library are all asynchronous, i.e., non-blocking. It simply means that unlike PHP or ASP, a Node.js-based server never waits for an API to return data. The server moves on to the next API after calling it. The Node.js has a notification mechanism (Event mechanism) that helps the server get a response from the previous API call.Superfast: Owing to the above reason as well as the fact that it is built on Google Chrome's V8 JavaScript Engine, Node JavaScript library is very fast in code execution.Single Threaded yet Highly Scalable: Node.js uses a single threaded model with event looping, in which the same program can ensure service to a much larger number of requests than the usual servers like Apache HTTP Server. Its Event mechanism helps the server to respond promptly in a non-blocking way, eliminating the waiting time. This makes the server highly scalable, unlike traditional servers that create limited threads to handle requests.No buffering: Node substantially reduces the total processing time of uploading audio and video files. Its applications never buffer any data; instead, they output the data in chunks.Open source: Node JavaScript has an open source community that has produced many excellent modules to add additional capabilities to Node.js applications.License: It was released under the MIT license.Eligibility to attend Node js CourseThe basic eligibility for pursuing Node training is a Bachelors in Computer Science, Bachelors of Technology in Computer Science and Engineering or an equivalent course.As prerequisites, you would require intermediate JavaScript skills and the basics of server-side development.CertificationThere are quite a few certification courses in Node Js. But first, ask yourself:Do you wish to launch your own Node applications or work as a Node developer?Do you want to learn modern server-side web development and apply it on apps /APIs?Do you want to use Node.js to create robust and scalable back-end applications?Do you aspire to build a career in back-end web application development?If you do, you’ve come to the right place!Course CurriculumA course in Node JavaScript surely includes theoretical lessons; but prominence is given to case studies, practical classes, including projects.  A good certification course would ideally train you to work with shrink-wrap to lock the node modules, build a HTTP Server with Node JS using HTTP APIs, as well as about important concepts of Node js like asynchronous programming, file systems, buffers, streams, events, socket.io, chat apps, and also Express.js, which is a flexible, yet powerful web application framework.Have You Decided Yet? Now that you know everything there is to know about why you should pursue a Node js course and a bit about the course itself, it is time for you to decide whether you are ready to embark on a journey full of exciting technological advancements and power to create fast, scalable and lightweight network applications.
Rated 4.5/5 based on 6 customer reviews
The Ultimate Guide to Node.Js

The Ultimate Guide to Node.Js

Blog

MEAN Stack Web Development: A Beginner’s Guide

A stack is all the programming languages, frameworks, libraries, tools, etc. used in software development of a particular project. MEAN stack is a combination environment with frameworks and a database which is completely sufficient for end-to-end functional web development. You will only need peripherals like analytical tools and a hosting platform, if necessary, to make your website market ready. MEAN Stack Web Development training is essential for every front-end developer, as it gives you the flexibility to understand other programming languages.What Does MEAN Stand For?M - MongoDB: Any website needs a database to store information about what to show on the website, as well as information provided by the users, and how the users have interacted with the website. There are two types of database popularly used by most developers; which are the relational and non-relational database. MongoDB is by far the most popular non-relational database. In short, a non-relational database allows you to start storing data without classifying the data into predefined tables. A non-relational database allows you to start without much initial time investment and provide many advantages if you’re dealing with large sets of heterogeneous data. Data retrieval is also simple and efficient no matter what the size of your total database.E - Express.js: Express is a node JS framework that allows web application development. If you search for something on YouTube, you’ll see that your URL is something like “https://www.youtube.com/results” Now, once your browser hits this URL, Express takes over, identifies that this is a search request, connects to the aforementioned database and gives an answer to your browser as to what to load. Express.js, in addition to having a very clean and readable syntax also provides an inbuilt folder and file structure for the Model View Controller(MVC) Framework. The MVC framework allows keeping the lines of code responsible for receiving the request separately, validating the data received in the request, and the functions for executing the business logic.A - AngularJS: AngularJS is a full-fledged front end development framework released in 2010. It is maintained by Google. AngularJS being a framework provides a lot of in-built functionalities which otherwise would take a lot of time and effort to build. AngularJS is one of the most popular front end frameworks. The popularity of AngularJS is due to its easy learning curve, compatibility across a wide range of browsers, and most importantly, a vibrant, actively contributing developer community.N - Node.js: Node.js is a cross-platform javascript runtime environment. To simplify, it allows javascript to be run outside the web browser and to be used for server-side scripting. Node.js has an event-driven architecture which allows it to rely on callbacks and not stall the application when any I/O operation is happening. This is called asynchronous I/O. This default architecture gives a massive advantage when user volume increases and your application has to scale. Other languages used for server-side scripting need external libraries to allow asynchronous execution. The E in our stack, Express.js is a framework on top of node.js.Why Is MEAN Stack popular?There are multiple reasons for this. Besides giving the software developer scope for improvement, it also holds the following benefits:Open source: All the frameworks are open-source which means they are free and have a multitude of developers contributing. MongoDB was also formerly open-source, but the language drivers are still available under an Apache License.Standardization: With MEAN stack ever increasing as a bundled skillset among developers, companies prefer to build their web application using the same stack to allow better collaboration between their developers. MEAN stack also makes it easier to change the development for a project from outsourced to in house and vice-versa.Seamless Integration: All components in the MEAN stack integrate smoothly. The server to the client (Express-AngularJS) and server to DB (Express-MongoDB) within MEAN stack is a combination which has been tried, tested, and scaled by countless companies. With MEAN stack gaining in popularity, more and more libraries are being published which make the integration even more seamless.Backed by Google: Node.js and AngularJS are backed by Google which helps a lot in keeping the developer community engaged and up to date with the latest versions. It also gives developers the confidence that the frameworks into which they’re pouring hours to master will not become obsolete.Should I Become a MEAN Stack Developer?The demand to create, improve, and maintain web applications is definitely not going to reduce in the coming years. Undertaking a MEAN Stack Web Development course qualifies you to be a certified MEAN stack web developer, which allows a prospective employer to hire a candidate with confidence that they will check all the boxes required to be an end to end web developer.
Rated 4.5/5 based on 19 customer reviews
MEAN Stack Web Development: A Beginner’s Guide

MEAN Stack Web Development: A Beginner’s Guide

Blog

Follow Us On

Share on

other Blogs