matusf / bachelor-thesis Goto Github PK

Vypisal som aj niektore grammar chyby aj ked to asi budes riesit na konci. Par tam je takych kde je pouzite ine/nespravne slovo a tak ich asi corrector nenajde, lebo gramaticky je okej

"are best at exposing memory bugs like use-after-frees" - use-after-free - referencia na zdroj/co to je, ak nebolo v texte skor spomenute (myslim ze 22 to riesi tak asi toto je OK ako to je)

"The main use of memory unsafe languages is in
programs that are meant to be performant or interact with the underlining system.
Thus, we may see them used in system programming and GUI applications."
FYI, C sa pouziva vlastne ako platform agnostic assembler, lahko sa prenasa na iny kompiler

Underlining -> Underlying

"One of those protocols is HTTP" - most used / prevalent? mozno aj ine, ako protobuf, ale ak to spomenies tak len v tej vete, netreba vysvetlovat, hlavne je ze HTTP je najrozsirenejsi

"resouce" - resource na viacerych miestach

"comunication"

"That would mean that only single server would be able to be deployed to hold the
state." - chapem ze sa tym mysli ze musi ten isty server spracovavat request, ktory uz drzi stav? mozno sa to riesi cez memcache atd pri stateful apkach, skor by bolo mozno lepsie napisat ze musi drzat server ten klientov sucasny stav

"GitHub API exposes URIs in directory stracture-like format. For example,
to create a new repository in an organization" -> "For example, GitHub API exposes URIs in directory stracture-like format. To create a new repository in an organization"

"stracture-like"

"have libraries for parsing the formats" - those formats/standards?

"in a machine-readable format (in YAML and JSON)" - YAML nebol doteraz spomenuty, bud rozpisat / dat skratku niekam do slovnika (?), vysvetlit / referencovat

"new major version needed to be issued" - introduced?

"Furhermore, there are also converter between the two versions" - converter exists

"focuse"

"We will focuse on context of fuzzing when describing it" - we will describe in context of fuzzing

"Figure 3.4" posunut aby bola v texte pod Servers, nie "Paths"

"resouce describes id great detail" - in

"As you now APIs reuse many things" - As you now by som vyhodil, nech to je formalnejsie

"if or how the OpenAPI" - skor if and how ?

"Now we can see that more and more people" - As we can see

"prevoius"

"we have searched through" - walked through? went through? ale nie som si isty, mozno to je okej...

"discuss our design decision we made" - discuss design decisions we made ?

"We want to out fuzzer" - we want fuzzer

"awere"

"combionation"

"used in ofensive security where it is not possible to perform some kind of static or dynamic analysis on the source." - security, in environments, where ... on the target service?

"detils"

Ked nad tym rozmyslam, zo vsetkych nadpisom podkapitol by som odstranil "Why", asi to tam nevadi, ale ked som to videl aj z obsahu tak mi to tam netreba, lebo to vyplyva z toho Taxonomy na zaciatku

"known by us" - to us?

"main asset of RESTler is that its efficiency" - is its / is the efficiency

"perfored"

"Those are bugs are triggered"

"5.2 OpenAPI Fuzzer in greater detail" by som dal mozno na novu stranu? ale formatovat na konci to je jasne :)

"offers most great granularity"

CLI - zaviest skratku pri prvom spomenuti command line

"certian"

"chose to use use version 3"

"adopion"

"Another worth mentioning feature of OpenAPI" - feature worth ...

"Moreover, the random input data generator can be seeded, which may help in reproducability of
fuzzer's runs." - toto tam existuje alebo to je ze je mozne to dokodit / spravit v buducnosti

"Determined that for -know it will be most beneficial" - to nechapem ze co sa mysli

TUI - rozpisat skratku, to som ani ja nechapal ked som prvy raz pocul od teba :D

"Trigerring"

4.1 apiFuzz - pridat vetu, ze co ten fuzzer pozera v odpovedi - HTTP response codes

"by breking the grammar rules most request will not pass" - "breaking", "requests"

"anotherone that retrieves the object it may, the result of the" - "another one", "it may" - zmazat

"paralelization"

Tnt-Fuzz - "body is in JSON format, it will mutate the input too." - "input too" sa mysli input JSON format/structure ?

"can be circumvent" - circumvented

"TnT-Fuzz will running as authorized user" - will be

"was during fuzzing self-hosted git service" - of?

"Nearly every service holds some state, mainly in form of database" - by som pridal ze "internal" state alebo "internally", nech je jasne ze len server side

"queryies"

"an item that yet was not created" - was not yet / yet to be ?

"the BFS strategy" - radsej rozpisat ako "breadth-first search", predtym to je len raz a nie je definovana skratka (BFS), je to viac krat v texte

"has loosed requirements" - loose?

"certian"

"repla the results"

Table 4.1 - toto by som dal do nejakej podkapitoly "4.4. Conclusion" aj s tym textom pod tabulkou. Teraz je to v RESTLeri

"are using and automation techniques" - an automation

"as widely researched as the feld of fuzzing binaries" - mozno "of binary fuzzing"