Fuzzing in Software Testing

Fuzzing in software testing means changing the program inputs so that you create different inputs in the hope of uncovering software bugs. Fuzzing is nothing more than supplying random input to a program or unit. There are two types of fuzzing: generation and mutation based fuzzing.

Mutation Based Fuzzing

This type of fuzzing is very straightforward and easy to implement. You simply add random changes to the input. For example, you add random characters:

# Original input
<label>my test</label>
# Mutated input
<label>my tttest</label>

We can also apply many more different fuzzing techniques. We can flip bits randomly, remove some characters etc. When we feed the new input, we check whether the program crashes or it can handle the changes.

Generation Based Fuzzing

This is kind of a smart testing framework. Instead of random mutations, we create inputs based on some prior knowledge. As an example we can use documentation to generate inputs. Assume documentation says the program takes 3 inputs and the third one is sum of first two. Then, we can simply create such a test suite automatically generating based on this information.

References

[1] https://resources.infosecinstitute.com/topic/fuzzing-mutation-vs-generation/

Leave a Reply

Your email address will not be published. Required fields are marked *