Wednesday, July 19, 2017

Word of the Day: fuzz testing (fuzzing)

Word of the Day WhatIs.com
Daily updates on the latest technology terms | July 19, 2017
fuzz testing (fuzzing)

Fuzz testing is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves inputting massive amounts of random data, called fuzz, to simulate an attack and make the test subject crash. If a vulnerability is found, a software tool called a fuzzer can be used to determine the potential cause of the crash. Fuzz testing was originally developed by Barton Miller at the University of Wisconsin in 1989.

Fuzzers work best to detect vulnerabilities that can be exploited with buffer overflow, cross-site scripting, denial of service attacks, format bugs and SQL injection attacks. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.

Although fuzz testing is simple, it offers a high benefit-to-cost ratio because it often reveals defects that are overlooked when software is written and debugged. This type of test usually finds only the most serious faults and is not useful for creating a complete picture of the overall security, quality or effectiveness of a program in a particular situation or application. Instead, it works best when used in conjunction with extensive black box testing, beta testing and other proven debugging methods.
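
The loop described above, as an added example that is not part of the WhatIs.com entry: a seeded fuzzer that feeds randomly mutated inputs to a parser and groups the resulting crashes for triage. The `parse_record` target, its record layout and both of its defects are hypothetical, constructed for this illustration; the fuzzer mutates a valid sample rather than sending purely random bytes.

```python
import random
import traceback
from collections import Counter

# Constructed sample: a valid record, [type][length][payload...][checksum].
SEED = bytes([0x01, 0x03]) + b"ABC" + bytes([sum(b"ABC") % 256])

def parse_record(data: bytes) -> dict:
    """Hypothetical target with two deliberate defects for the fuzzer to find."""
    rtype, length = data[0], data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]      # defect: length is trusted, never bounds-checked
    text = payload.decode("ascii")   # defect: non-ASCII payload is not handled
    return {"type": rtype, "text": text, "ok": checksum == sum(payload) % 256}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random byte-level changes (overwrite, delete, insert)."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1 and buf:
            del buf[rng.randrange(len(buf))]
        else:
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Run the target on mutated inputs; bucket crashes by (exception, function)."""
    rng = random.Random(rng_seed)    # fixed seed so every crash is reproducible
    buckets, samples = Counter(), {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except Exception as exc:     # any unhandled exception counts as a crash
            where = traceback.extract_tb(exc.__traceback__)[-1].name
            key = (type(exc).__name__, where)
            buckets[key] += 1
            samples.setdefault(key, case)   # keep first input per bucket for triage
    return buckets, samples

if __name__ == "__main__":
    buckets, samples = fuzz(parse_record, SEED)
    for key, count in buckets.most_common():
        print(key, count, samples[key].hex())
```

Inputs that only produce a wrong result, such as a record whose checksum no longer matches (`ok` is `False`), raise nothing and are never recorded, which is the limitation the entry notes for faults that do not crash the program.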

Quote of the Day

"Fuzz testing is most useful for software that accepts input documents, images, videos or files that can carry harmful content. These are the serious bugs that it's worth investing to prevent." - David Molnar

Related Terms and Tags
RELATED TERMS

buffer overflow
cross-site scripting
denial of service
debugging
beta test

RELATED TAGS

Security testing and ethical hacking
Software security test best practices

 
Learning Center

Project Springfield: How does Microsoft's fuzzing as a service work?
Microsoft's fuzzing as a service cloud initiative, called Project Springfield, can make a significant difference to software security. Expert Matthew Pascucci explains.

DevOps testing: Never trust the world outside the enterprise
Find out why a white-hat hacker claims "the biggest thing that keeps me up at night is the code DevOps is writing for the infrastructure," and what security pros can do about it.

What is fuzz testing? What are some ways to use fuzz testing?
Fuzz testing is a form of black box testing where large amounts of data in varying formats are sent to the inputs of a program such as a Web application.

The benefits of remote debugging techniques in the cloud
Using remote debugging requires IT professionals to have refined debugging techniques so the benefits of using these tools are maximized.

Can a new encryption trick prevent reverse engineering?
Learn about Hardened Anti-Reverse Engineering System, or HARES, which cannot exactly prevent reverse engineering, but makes it a little tougher for attackers to complete.

Inside the changing DDoS threat and how to mitigate it
Attackers have devised new types of distributed denial-of-service attacks. Here's how the DDoS threat has evolved.

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2016 TechTarget. All rights reserved.
