Thursday, October 21, 2004
What timing. I just saw that somebody has written a program to generate randomly bad HTML pages which can be used to test browsers on how they handle malformed input. As you might expect, most were bad. Surprisingly, MS IE did the best of the bunch. The speculation is that it was tested with just such a tool previously. My guess would be that when Microsoft got security religion, that was the sort of thing they started to do.
The book 'Writing Secure Code' from Microsoft Press has a section on random input testing of programs and interfaces, so it's a good bet that this is one of the standard techniques they use.
Post a Comment
Links to this post: