WHAT IS FUZZ TESTING, OR "FUZZING"?
In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software testing technique that attempts to find hackable software bugs by randomly feeding invalid and unexpected inputs and data into a computer program in order to find coding errors and security loopholes. This is an old but increasingly common process both for hackers seeking vulnerabilities to exploit and defenders trying to find and first them fix.
How Does Fuzzing Work?
Fuzz testing typically involves a fuzzing tool inputting massive amounts of random data, called fuzz, to the software or system being tested in an attempt to make it crash or break through its defenses. If a vulnerability is found, a software tool called a fuzzer can be used to identify the potential causes.
What Types of Fuzzing are There?
The three basic types of fuzzing are application fuzzing, protocol fuzzing and file format fuzzing.
What are Applications of Fuzzing?
Fuzzing is primarily used in quality assurance during software development. Because it is automatic in nature, you can easily test your software regularly and it can be used to test previously released software. It can also help detect software exploits.
What are the Benefits of Fuzzing?
Fuzzing can often reveal serious defects that are overlooked when software is written and debugged. Fuzzers work best for discovering vulnerabilities that can be exploited by SQL injection, buffer overflow, denial of service (DOS), and cross-site scripting. These are often used by malicious hackers to disable security with the intent of either taking down a system or stealing information.
What are the Disadvantages of Fuzzing?
Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans, and keyloggers.