Assuring Security by testing

Michael Osipov ossipov at inf.fu-berlin.de
Wed Apr 30 10:15:51 UTC 2008


Hi devs,

I've been investigating Bugzilla within my Bachelor's thesis "Application
of security test tools in open source" at the Free University of Berlin
(FU Berlin) [1].
Basically, I am looking for security measures which have been taken to
prevent security leaks/vulnerabilities especially with security test
tools which provide fuzzing capabilities for SQL injection, parameter
tampering, path traversal etc.

So far, I have searched the repository, the homepage, the wiki and the 
mailing list.
Those resources revealed some very interesting information:

1. You do have a test suite [2] which works like a lint tool.
2. You require Perl to be run in taint mode [3]
3. You do have a section on "secure" programming [4]
4. You claim you have "excellent security" [5]

I am not trying to judge any of your statements, I am merely trying to 
reveal some useful background information.

Requiring Perl's taint mode and filtering any input is a very good 
measure to keep out a lot of security issues, but can you rely 100% on 
it? No API or developer is 100% secure. In addition to this, 
you are trying to design your system from the ground up with security in 
mind.

The interesting point is that after going through all these steps, do you 
test the security measures with any security-dedicated test plan, 
especially with security test tools? E.g., there are SQL injection 
fuzzers, parameter fuzzers and so forth.

Hope you can tell me what is going on behind the scenes.

Thanks in advance,

Michael


[1] https://www.inf.fu-berlin.de/w/SE/ThesisFOSSSecurityTools
[2] http://www.bugzilla.org/docs/developer.html#testsuite
[3] http://www.bugzilla.org/docs/developer.html#perl-taint
[4] http://www.bugzilla.org/docs/developer.html#security
[5] http://www.bugzilla.org/features/#security
-- 
<NO> OOXML - Say NO To Microsoft Office broken standard
http://www.noooxml.org
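The question above asks whether taint mode can be relied on 100%. The following is an added example, not code from the original message or from Bugzilla, showing the one place where the answer is no: Perl trusts whatever a developer captures with a regex, so a lazy `/(.*)/` untaint launders attacker input just as well as a strict allow-list does. The `untaint_bug_id` helper, the PATH value and the sample inputs in the usage line are assumptions made for the demonstration.

```perl
#!/usr/bin/perl -T
# Added example (not Bugzilla code): what taint mode does and does not catch.
# Run as:  perl -T taint_demo.pl 42        (accepted)
#          perl -T taint_demo.pl '42; id'  (rejected by the strict untaint only)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run external commands until PATH is sanitized.
# The value below is an assumed, minimal PATH for the demo.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Command-line arguments, %ENV, STDIN and file reads are all tainted.
my $input = shift @ARGV;
die "usage: perl -T $0 <bug-id>\n" unless defined $input;
printf "raw input %s tainted\n", tainted($input) ? 'is' : 'is NOT';

# 1. What taint mode guarantees: tainted data may not reach system(),
#    exec(), open() for writing, unlink(), etc. Perl dies with
#    "Insecure dependency in system while running with -T switch".
eval { system('echo', 'bug', $input); 1 }
    or print "system() refused tainted input: $@";

# 2. The hole: untainting is done by regex capture, and Perl accepts ANY
#    capture. A "match everything" regex untaints without validating.
my ($lazy) = $input =~ /(.*)/;
printf "after /(.*)/ the value %s tainted: %s\n",
    tainted($lazy) ? 'is still' : 'is no longer', $lazy;
# $lazy would now be accepted by system()/open() even if it is "42; id".

# 3. A strict allow-list untaint (hypothetical helper): only a decimal
#    bug id survives, anything else fails closed and stays rejected.
sub untaint_bug_id {
    my ($s) = @_;
    return $s =~ /\A([0-9]{1,9})\z/ ? $1 : undef;
}

my $id = untaint_bug_id($input);
if (defined $id) {
    printf "accepted bug id %s (tainted: %s)\n", $id, tainted($id) ? 'yes' : 'no';
    system('echo', 'bug', $id);    # now permitted by taint mode
}
else {
    print "rejected input: not a bug id\n";
}
```

Two caveats follow from this. First, the `#!` line's `-T` only takes effect when the script is started by the kernel via the shebang; `perl script.pl` without `-T` aborts with "Too late for -T", so always invoke it as `perl -T`. Second, taint checks cover sub-shells and the filesystem, not SQL: a tainted string interpolated into a query is not refused unless the database handle was opened with DBI's `Taint`/`TaintIn` attribute, which is exactly the gap an SQL injection fuzzer exercises.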