
Microsoft previews Project Springfield, Azure-based fuzz testing

Microsoft's 'million-dollar bug detector' on offer in preview of Project Springfield, an Azure-based fuzz testing service announced at Ignite 2016.

Microsoft is offering a preview of its Project Springfield, a fuzz testing service for finding critical security bugs in software. Announced at Microsoft Ignite 2016 in Atlanta this week, the new "fuzzing as a service" project incorporates fuzzing technology that Microsoft used to discover one-third of the "million-dollar" security bugs found during development of Windows 7.

Project Springfield offers users a secure web portal to access a virtual machine on which they can upload binaries of software to be fuzz tested, a "test driver" program that runs the scenario being tested, and sample input files that the service uses as a starting point for fuzzing. Project Springfield then runs continuous fuzz testing with multiple methods and reports security vulnerabilities over the web portal.

The new security testing service runs over Azure so users need not deploy their own data centers to do fuzz testing of code while using the tool Microsoft calls its "million-dollar bug detector," according to Allison Linn, senior writer at Microsoft. "Project Springfield helps customers quickly adopt practices and technology battle-tested over the last 15 years at Microsoft."

Microsoft calls Project Springfield a million-dollar bug detector, Linn wrote, because "every time the system finds a potentially serious bug proactively, before a piece of software is released, it is saving a developer the costly effort of having to release a patch reactively, once the product is already public. With widely used software such as an operating system or productivity suite, deploying those patches can cost as much as $1 million, the researchers say."

A key component of the service, called SAGE, has been in use at Microsoft since the mid-2000s and was used to test products like Windows 7 before release.

David Molnar, the Microsoft researcher who leads Project Springfield, said that fuzz testing is most useful for software that accepts input documents, images, videos or files that can carry harmful content. Molnar told Linn, "These are the serious bugs that it's worth investing to prevent."
