This is fun. In the last few blogs I’ve talked a lot about how cloud and mobile apps are changing everything. Okay, that should be Changing. Everything. Again. But while HP, IBM and CA are busy solving the challenges of Enterprise Apps and IXIA and Spirent are busy pushing gobs of packets around, the cloud and mobile apps are just exploding. This is the NoSQL movement, HTML5, H.264 videos in your browser, spanking new iPhone and Android apps every day and so on. This short video below summarizes the challenges of testing the world that’s changing around us.

More »

This one’s been in the works for a while. I keep comparing application testing to infrastructure testing and then pondering where the major revolution is happening right now and I can’t help but talk about it. Since I don’t do well with numbers and tables (*yawn*), I thought I’ll doodle a few graphs to visualize the differences. Besides, paraphrasing Calvin, a blog is authoritative and written by a professional when it has charts! :-)

More »

There are two kinds of test tool vendors in the world. Those that count in binary and those that don’t. Okay, stale joke aside there are those that test applications (like Mercury, now part of HP, IBM, etc) and those that test the infrastructure (like IXIA, Spirent, etc). Mu was founded on the premise that this boundary is blurring rapidly and there needs to be a new kind of testing solution that spans the layers between applications and infrastructures and looks at the service as a whole. As we look into the imminent future of HTML5 and the innovation in mobile and cloud apps, you can see this in play right now. And yet all these test tool vendors are lagging behind this brave new world.

More »

Fuzzing has in the past mostly been relegated to protocols and file formats. With the huge surge in mobile apps, cloud applications, virtualization and social gaming, not to mention a RESTful API for everything these days, the challenge becomes generating fuzz tests rapidly for these applications. This is not just for the actual services, but also for the application-aware systems that are getting smarter by the day. We now have Deep Packet Inspection, Application Identification and a host of new technologies that allow firewalls and UTM’s to inspect application flows for compliance, QoS and access control.

More »

Had a little time to look into Ann’s Aurora, a forensic contest posted by SANS Digital Forensics. First of all, I got to say, these contests are totally awesome as it gives the opportunity for forensics investigators to try out new ideas and build new tools to solve very real problems. The solution to this has already been published by @McGrewSecurity where he posted a new tool called pcapline.py. It’s a tool that carves out embedded content in pcaps amongst other things. Very slick.

More »

Using Mu Studio, we recently enabled one of our customers to do both functional and fuzz testing of their proxy/load-balancer (P/LB). This P/LB supports SSL termination, IPv6, Caching, Compression, WAN Acceleration & Optimization and a plethora of really cool features that enable high-volume cloud apps and web sites. What I want to talk about is our approach to testing complex products/deployments like these from both a functional and fuzz/security/resiliency testing perspective.

More »

I felt a Déjàvu moment today when one of our customers came to us asking if we can help them test Outlook Exchange traffic through their firewall with ALG and NAT turned on. They had tried to re-purpose bit-blasters, load generators, open-source and commercial packet replay tools only to find that nothing was working. Way back when I was building the IDP at OneSecure, my pre-screen interview question was this:

If you only had an [ any, any, tcp/21, allow ] rule in your packet filter, why wouldn’t FTP uploads/downloads work?

More »

Just got back from Interop where I was part of a panel that talked about cloud computing. We discussed a lots of interesting topics like migration, scaling, hybrid clouds and what not. NoSQL was definitely a discussion point since I personally believe you can’t talk about cloud without also talking about NoSQL.

The scaling part though got me thinking. The current approach for scaling any cloud app is to use your IaaS provider to just add more compute power and deal with it. I tend to think a little differently from this. xtractr on pcapr for example, uses a hybrid cloud model. You download a single binary that you use for indexing large packet captures. When you now want to search, extract, report on this, the application is delivered to your browser which then uses JSONP (until HTML5 is truly prevalent with cross-domain Ajax requests) to communicate to your instance of the xtractr. What this means is when you are busy crunching packets, the server load on pcapr is zero! Which implies infinite scaling, ‘cos the load is truly distributed across all of our users.

More »

Just read the net neutrality article on Comcast. I have mixed feelings about this and wanted to find out what you thought. There seems to be a fine line when data becomes information and directly affects corporations and fellow humans. What I don’t know when looking at packets traversing the network as little bits of information, where exactly that boundary lies.

More »

We launched pcapr over a year ago now with just a few of us working part time to build and manage the site. pcapr is powered by CouchDB, a NoSQL database written in Erlang with JavaScript as the primary query language. Frankly, this has been a disaster. We are planning on rebuilding the site with Java, Hibernate and MySQL for a number of reasons.

More »