QA TouchTesting

Introduction to Fuzz Testing

By October 17, 2018June 11th, 2020No Comments2 min read
Blog QA Touch

Introduction to Fuzz Testing

October 17, 2018
Fuzz Testing

Handling software failures is not that easy, and the downtime is expensive. It’s best to prevent failures from happening. But how do you do that? Fuzz testing helps you out in this case.

What is Fuzzing or Fuzz Testing?

Fuzz testing or fuzzing is a software testing technique, and it is a type of Security Testing. Fuzz Testing is a type of testing intended to discover coding errors and security loopholes in software, operating systems, or networks. This involves monitoring the target system by inputting invalid or random data called FUZZ to the system. where automated or semi-automated testing techniques are used.

Why Fuzzing?

The purpose of fuzzing relies on the assumption that there are bugs within every program, which are waiting to be discovered.

  • Detects serious security loopholes and vulnerabilities of the system
  • Most Cost-effective solution to find serious security threats
  • Hackers use fuzzing technique.
  • Fuzzing is similar to automated negative testing.

Fuzz Testing Strategy Steps

  1. Identify the target system
  2. Identify inputs
  3. Generate Fuzzed data
  4. Execute the test using fuzz data
  5. Monitor system behavior
  6. Log defects

Fuzz testing

Types of bugs detected by Fuzz Testing

  • Assertion failures and memory leaks An assertion statement specifies a condition that you expect to be true at a point in your program. If that condition is not true, the assertion fails.
  • Invalid input In fuzz testing, fuzzers are used to generate an invalid input for testing error-handling routines. It is crucial for a software to handle it’s inputs.
  • Correctness bugs are more painful to debug than crashing bugs since its hard to define the steps to replicate the issue. For instance corrupted database, poor search results, etc.

Fuzz Testing Tools

  • Spike Proxy
  • Webscarab
  • Burp
  • OWASP WSFuzzer
  • AppScan

Advantages and Disadvantages of Fuzz Testing

Advantages

  • Fuzz testing improves software security.
  • Helps to find serious security breaches including memory leak, an un handled exception, etc.  could be used by hackers for Cyber attacks.

Disadvantages

  • Fuzz testing is less effective while dealing with security threats that do not cause program crashes, such as some viruses, worms, Trojan, etc.
  • Not a time efficient solution, to perform effectively, Fuzz testing will require significant time.

Fuzz testing helps you to ensure the application is robust and secure as it helps to identify most common vulnerabilities.

References

https://en.wikipedia.org/wiki/Fuzzing

https://www.guru99.com/fuzz-testing.html

https://www.owasp.org/index.php/Fuzzing

Swathisri R

About The Author Swathisri R

Swathisri is a Product Lead at DCKAP and is one of our enthusiastic quotients. Being a passionate Laravel developer, she handles the complete spectrum of QA Touch development, usability, and support. Swathi is so ambitious about community development and actively takes a part in them. In addition, she is a Featured speaker in Chennai Laravel Meetup events. Apart from being a coder, Swathisri is a University Gold medalist in athletics.

Related Posts

Playwright Integration
QA Touch Playwright Integration
Playwright Integration - QA Touch Reporter The day is finally here. After months…
ETL Testing
ETL Testing
Introduction to ETL Testing Data is the lifeblood of any modern business, this…
API Chaining with Postman
API Chaining with Postman
In API testing, API chaining is like arranging steps in a dance. It's…

Leave a Reply