Computer programs are typically debugged and tested using various methods. One method is to simulate an attack on the program or computer system to test for flaws or vulnerabilities in the program or system. For example, in the field of computer technology, Remote Procedure Call (RPC) is a technique that allows a computer program to cause a subroutine or procedure of a software package to execute in another address space (commonly on another computer on a shared network). The RPC occurs without a programmer explicitly coding the details of the remote interaction. For example, the RPC occurs whether the subroutine is local to the executing program or remote in relation to the executing program. When the software package is written using object-oriented principles, RPC may be referred to as Remote Invocation or Remote Method Invocation. Different technologies have been developed that are commonly used to accomplish RPC. However, one problem with current technologies is that they are often incompatible with each other.
There are many RPC services within, for example, ARCserve® Backup, such as a User Authentication Service and a Message Engine Service. These RPC services provide various interfaces for communication. Further, these interfaces accept and process data input by the user and return the result of the processing to the user. For example, a User Validation Service accepts the user name and password typed in by a user and returns the validation result to the user.
Currently, vulnerabilities and flaws in computer software or computer programs, for example RPC services, are typically revealed by third parties using the program. Program vulnerabilities and flaws are undesirable because they cost the software provider lost sales, the expense of developing and deploying patches, and loss of reputation. One of the basic causes of such vulnerabilities and flaws is software that does not properly check input data. For example, when an RPC service does not check user input data properly, the program assumes that all user input data is good and properly organized and does not go beyond the limits of the program. For example, a User Validation Service assumes that all inputted user names are less than 1024 characters, which is typically correct in everyday use; however, some attackers may generate a meaningless user name that is longer than 1024 characters, for example, 4096 characters. Therefore, it is undesirable for RPC services to make assumptions about user input data.
It would therefore be desirable to provide a method for testing software including its service interfaces before releasing the software product into the market. For example, it would be desirable to provide a method for testing RPC software including service interfaces before releasing the software product into the market. It would further be desirable to provide a method for testing software, for example RPC software, in an automated fashion.
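The length assumption and the automated pre-release testing described above, as an added example that is not part of the original text: a C handler that checks the declared length of a user name before copying it into a 1024-byte buffer, plus a sweep of boundary lengths that includes the 4096-character case. The function names, status codes and buffer layout are assumptions made for illustration, not ARCserve interfaces.

```c
#include <stddef.h>
#include <string.h>

#define MAX_USER_NAME 1024   /* buffer size; the passage's "less than 1024 characters" */
#define MAX_TEST_LEN  4096   /* oversized name length used in the passage */

enum validate_status { VALIDATE_OK, VALIDATE_BAD_LENGTH, VALIDATE_BAD_INPUT };

/* Hypothetical handler: checks the caller-declared length before copying the
   name into a fixed-size buffer, instead of assuming it fits. */
enum validate_status validate_user_name(const char *wire, size_t wire_len,
                                        char out[MAX_USER_NAME])
{
    if (wire == NULL || out == NULL)
        return VALIDATE_BAD_INPUT;
    if (wire_len == 0 || wire_len >= MAX_USER_NAME)  /* keep room for the NUL */
        return VALIDATE_BAD_LENGTH;
    if (memchr(wire, '\0', wire_len) != NULL)        /* assumed rule: no embedded NUL */
        return VALIDATE_BAD_INPUT;
    memcpy(out, wire, wire_len);
    out[wire_len] = '\0';
    return VALIDATE_OK;
}

/* Constructed test input: a name of n 'A' characters, n <= MAX_TEST_LEN. */
enum validate_status check_length(size_t n)
{
    static char input[MAX_TEST_LEN];
    char out[MAX_USER_NAME];
    if (n > sizeof input)
        return VALIDATE_BAD_INPUT;
    memset(input, 'A', sizeof input);
    return validate_user_name(input, n, out);
}

/* Automated boundary sweep; returns the number of cases that disagree. */
int run_length_cases(void)
{
    static const struct { size_t len; enum validate_status want; } cases[] = {
        {0, VALIDATE_BAD_LENGTH}, {1, VALIDATE_OK}, {1023, VALIDATE_OK},
        {1024, VALIDATE_BAD_LENGTH}, {1025, VALIDATE_BAD_LENGTH},
        {MAX_TEST_LEN, VALIDATE_BAD_LENGTH},
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        failures += check_length(cases[i].len) != cases[i].want;
    return failures;
}

int main(void) { return run_length_cases() == 0 ? 0 : 1; }
```

The sweep concentrates on the values on either side of the limit (1023, 1024, 1025), since an off-by-one in the length check would show up there before it shows up at 4096.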