Subscribe by Email


Saturday, July 14, 2012

What are characteristics of fuzz technique? What are uses of fuzz technique?


Fuzz testing or fuzzing as it is commonly known as, is another type of very popular mixed software testing methodology i.e., it can be either implemented as a black box testing technique or white box testing technique or even as grey box testing technique, though the latter case being very rare. 
- It also provides the options for running it manually or by some semi automated or fully automated processes. 
- Unexpected, invalid or random data is what all is fed as input data values to the test cases created for the fuzz testing of a software system or application. 
- After the arrangement of the test input data values for the test cases, the whole software system or application is subjected to an inspection to determine if at all it is experiencing any problems like crashes, memory leaks or failure of the code assertions that are nothing but built in defects in the software system or application. 
- Fuzz testing or fuzzing is actually a testing methodology that is categorized under the category of the security testing and is often used for security checks of a software system or application. 

Fuzz testing if further divided results in to two sub categories as described below:
1. Generation based fuzz testing: 
This type involves creation of entirely new set of input data based on the model input data and
2. Mutation based fuzz testing: 
This type is concerned with the generation of new set of data by mutating the existing samples.

Fuzz testing lays more emphasis more on the network protocols and the file formats of the software system or application than the other aspects of the system. But this does not hold necessary that only the network protocols and file formats should undergo fuzz testing, other aspects of the input data for the system can also be subjected to the fuzz testing. Common input for the fuzz testing basically includes:
  1. Key board events
  2. Mouse events
  3. Environment variables and
  4. API calls sequence.
The unusual input forms are:
Such as those being mentioned below can also be subjected to fuzz testing:
  1. Shared memory
  2. Contents of the data base of the software system or application and
  3. Inter leaving of threads (precise)
The input data which manages to cross the trust boundary of the software system or application catches the attention of the testers more than any other happening during the testing. The origination of the fuzz testing is traced back to the University of Wisconsin and discovered by the professor Barton Miller. 

Uses of Fuzz Testing


The fuzz testing has emerged as a software testing technique with more than one uses:
  1. For the testing of large projects having a budget just enough for the development of the test tools it can be employed as black box testing technique.
  2. It is a very feasible and affordable software testing technique and has a high benefit- to - cost ratio.
  3. The fuzz testing proves helpful in providing a sample stating the behavior of the software system or application generated in a random manner.
  4. It very effectively demonstrates the exception handling capability of a piece of the source code of the program without crashing.
  5. Fuzz testing gives an assurance for the maintenance of the overall quality of the software system or application rather than just acting as a testing tool for finding bugs.
  6. Fuzz testing can also be used as a substitute for the formal methods employed for exhaustive testing of the software system.
  7. One can rely on fuzz testing for determining the reliability of the software system as an application of static analysis, code audits or partial rewrites.


No comments:

Facebook activity