Subscribe by Email

Monday, March 5, 2012

What is meant by fuzz testing?

- Fuzz testing or fuzzing as it is commonly known as, is another type of software testing methodology.
- It can be either operated manually or can be semi automated or fully automated.
- Unexpected, invalid or random data form the input data values for the fuzz testing of a software system or application.
- After arranging for the test input data values, the whole software system or application is then inspected if it is experience any problems like crashes, memory leaks or failure of the code assertions that are built in the software system or application.
- Fuzz testing or fuzzing is actually a testing methodology that falls under the category of the security testing and is often used for security checks of a software system or application.
- Fuzz testing emphasizes more on the network protocols and the file formats of the software system or application than the other aspects of the system.
- But it is not necessary that only the network protocols and file formats can undergo fuzz testing, other input aspects of the system can also be subjected to the fuzz testing.

Fuzz testing if further divided in to two sub categories:

1. Generation based fuzz testing:
It involves creation of entirely new set of input data based on the model input data.

2. Mutation based fuzz testing:
It involves the mutation of the existing samples of the data to generate a new set of input data.

Both of the above mentioned approaches of the fuzz testing can be implemented using the white box testing, black box testing or grey box testing depending on the requirements of the testing.

1. Common input for the fuzz testing basically includes:
- Key board events
- Mouse events
- Environment variables and
- API calls sequence.

2. Unusual types of inputs such as those being mentioned below can also be subjected to fuzz testing:
- Shared memory
- Contents of the data base of the software system or application and
- Inter leaving of threads (precise)

The input data which manages to cross the trust boundary of the software system or application catches the attention of the testers more than any other happening during the testing.

The origination of the fuzz testing is traced back to the University of Wisconsin and discovered by the professor Barton Miller.

The fuzz testing has emerged as a software testing technique with more than one uses:
1. For the testing of large projects having a budget just enough for the development of the test tools it can be employed as black box testing technique.
2. It is a very feasible and affordable software testing technique and has a high benefit- to - cost ratio.
3. The fuzz testing proves helpful in providing a sample stating the behavior of the software system or application generated in a random manner.
4. It very effectively demonstrates the exception handling capability of a piece of the source code of the program without crashing.
5. Fuzz testing gives an assurance for the maintenance of the overall quality of the software system or application rather than just acting as a testing tool for finding bugs.
6. Fuzz testing can also be used as a substitute for the formal methods employed for exhaustive testing of the software system.
7. One can rely on fuzz testing for determining the reliability of the software system as an application of static analysis, code audits or partial rewrites.
8. Fuzz testing as it involves generation of the invalid input data, is employed for checking out the error handling routines.
9. Fuzz testing is used as an approach for the automation of the negative testing.

No comments:

Facebook activity