Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to access a plurality of features pertaining to an event, apply an anomaly detection model on the accessed plurality of features, in which the anomaly detection model may output a reconstruction of the accessed plurality of features. The processor may calculate a reconstruction error of the reconstruction, determine whether a combination of the plurality of features is anomalous based on the calculated reconstruction error, and based on a determination that the combination of the plurality of features is anomalous, output a notification that the event is anomalous.

Abstract: Improved techniques for testing an application to identify bugs. An API request body, which includes input data, is transmitted to a service to exercise the service. An error type response is received from the service, where the response indicates how the service handled the input data. The response is then used to determine an error type response coverage of the service. The coverage is then expanded by repeatedly performing a number of operations until a threshold metric is satisfied. For instance, in response to learning how previously-used input data impacted the coverage, new input data is generated. This new input data is designed to trigger new types of responses from the service. The new input is sent to the service, and a new error type response is received. These processes are repeated in an effort to expand the error type response coverage of the remote service.

Abstract: Improved techniques for testing an application to identify bugs. An API request body, which includes input data, is transmitted to a service to exercise the service. An error type response is received from the service, where the response indicates how the service handled the input data. The response is then used to determine an error type response coverage of the service. The coverage is then expanded by repeatedly performing a number of operations until a threshold metric is satisfied. For instance, in response to learning how previously-used input data impacted the coverage, new input data is generated. This new input data is designed to trigger new types of responses from the service. The new input is sent to the service, and a new error type response is received. These processes are repeated in an effort to expand the error type response coverage of the remote service.

Abstract: Provided are methods and systems for automatically generating input grammars for grammar-based fuzzing by utilizing machine-learning techniques and sample inputs. Neural-network-based statistical learning techniques are used for the automatic generation of input grammars. Recurrent neural networks are used for learning a statistical input model that is also generative in that the model is used to generate new inputs based on the probability distribution of the learnt model.

Abstract: In a method for automatically testing a service via a programming interface of the service includes, a set of operation descriptions describing a set of operations supported by the service is obtained. The set of operation descriptions includes respective descriptions of requests associated with respective operations in the set of operations and responses expected in response to the requests. Based on the set of operation descriptions, dependencies among the requests associated with the respective operations are determined, and a set of test request sequences that satisfy the determined dependencies is generated. Test request sequences in the set of test request sequences are executed to test the service via the programming interface of the service.

Abstract: Described herein are technologies related to testing computer code for bugs, wherein the computer code is to run in kernel mode of an operating system. The computer code is executed in kernel mode of a first operating system, and content of memory that is mapped to kernel mode address space of the first operating system is transferred to user mode memory that is mapped to user mode address space of a second operating system. The computer code is executed in user mode and tested while being executed in user mode.

Abstract: Apparatus and methods can be implemented to perform software testing or to perform emulated hardware testing using a cloud architecture that can utilize centralized testing technology and can enable scaling up to test for multiple tenants and scaling up to arbitrary numbers of programs tested for each tenant. A user can configure an initial test virtual machine on a cloud platform for a cloud service over a physical network such as the Internet. Components of the cloud architecture can create a set of clones of the initial test virtual machine and inject tools into each clone for testing. Testing of one or more clones of the set can be conducted in an environment isolated from the physical network and isolated from a backend of the cloud service. Additional apparatus, systems, and methods are disclosed.

Abstract: In a method for automatically testing a service via a programming interface of the service includes, a set of operation descriptions describing a set of operations supported by the service is obtained. The set of operation descriptions includes respective descriptions of requests associated with respective operations in the set of operations and responses expected in response to the requests. Based on the set of operation descriptions, dependencies among the requests associated with the respective operations are determined, and a set of test request sequences that satisfy the determined dependencies is generated.

Abstract: Described herein are technologies related to testing computer code for bugs, wherein the computer code is to run in kernel mode of an operating system. The computer code is executed in kernel mode of a first operating system, and content of memory that is mapped to kernel mode address space of the first operating system is transferred to user mode memory that is mapped to user mode address space of a second operating system. The computer code is executed in user mode and tested while being executed in user mode.

Abstract: Apparatus and methods can be implemented to perform software testing or to perform emulated hardware testing using a cloud architecture that can utilize centralized testing technology and can enable scaling up to test for multiple tenants and scaling up to arbitrary numbers of programs tested for each tenant. A user can configure an initial test virtual machine on a cloud platform for a cloud service over a physical network such as the Internet. Components of the cloud architecture can create a set of clones of the initial test virtual machine and inject tools into each clone for testing. Testing of one or more clones of the set can be conducted in an environment isolated from the physical network and isolated from a backend of the cloud service. Additional apparatus, systems, and methods are disclosed.

Abstract: Provided are methods and systems for automatically generating input grammars for grammar-based fuzzing by utilizing machine-learning techniques and sample inputs. Neural-network-based statistical learning techniques are used for the automatic generation of input grammars. Recurrent neural networks are used for learning a statistical input model that is also generative in that the model is used to generate new inputs based on the probability distribution of the learnt model.

Abstract: An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.

Abstract: Micro-execution is the ability to run any code segment in isolation. Implementations for micro-execution of code segments are described. A test engine determines an effective address of a memory operation of an instruction of an executable program. The test engine determines, prior to performing the memory operation and based on a memory policy, that the effective address is to be replaced with a replacement address. Based on determining that the effective address is to be replaced, the test engine allocates the replacement address and executes the instruction based on the allocated replacement address.

Abstract: An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths.

Abstract: An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.

Abstract: Micro-execution is the ability to run any code segment in isolation. Implementations for micro-execution of code segments are described. A test engine determines an effective address of a memory operation of an instruction of an executable program. The test engine determines, prior to performing the memory operation and based on a memory policy, that the effective address is to be replaced with a replacement address. Based on determining that the effective address is to be replaced, the test engine allocates the replacement address and executes the instruction based on the allocated replacement address.

Abstract: Concepts and technologies are described herein for determining memory safety of floating-point computations. The concepts and technologies described herein analyze code to determine if any floating-point computations exist in the code, and if so, if the floating-point computations are memory safe. The analysis can include identifying floating-point instructions and conditional statements in the code. The code can be symbolically executed, and behavior of the floating-point instructions and the conditional statements can be monitored to determine if a floating point calculation is ever involved in computation of any memory address during the execution of the code.

Abstract: Concepts and technologies are described herein for incremental compositional dynamic test generation. The concepts and technologies described herein are used to increase the code coverage and security vulnerability identification abilities of testing applications and devices, without significantly increasing, and in some cases decreasing, computational and time costs associated with the testing. Test summaries that describe how code is tested by a test engine are generated and stored during testing of code. These test summaries can be evaluated when additional iterations or versions of the code are tested. If functions corresponding to the test summaries are unchanged from, or logically equivalent to, a version of the function previously tested, the test summary may be used when testing the new version of the code.

Abstract: An exemplary method includes providing software for testing; during execution of the software, performing a symbolic execution of the software to produce path constraints; injecting issue constraints into the software where each issue constraint comprises a coded formula; solving the constraints using a constraint solver; based at least in part on the solving, generating input for testing the software; and testing the software using the generated input to check for violations of the injected issue constraints. Such a method can actively check properties of the software. Checking can be performed on a path for a given input using a constraint solver where, if the check fails for the given input, the constraint solver can also generate an alternative input for further testing of the software. Various exemplary methods, devices, systems, etc., are disclosed.

Abstract: An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.