Blind Security Testing—An Evolutionary Approach, presented at Black Hat USA 2007

by Scott Stender

Tags: Security Access Testing

Summary: Security testing is difficult enough
when auditors have complete access to the system under review. This task
is all the more difficult when the auditor must perform this assessment
blind. In a blind scenario, the attacker has an infinite number of test
cases to choose from, far more than can be executed and evaluated in a
reasonable amount of time. This talk will cover the use of evolutionary
algorithms in test case generation and result evaluation with the goal
of focusing security test cases on those most likely to result in flaws.