Statement of Scope

Entire books exist on the topic of computer vulnerabilities and software testing, and it is beyond the scope of this chapter to provide the in-depth knowledge needed to perform software security testing. While fuzzing is one important way to test software for bugs and vulnerabilities, it is important to understand exactly what we are testing for.

This chapter is an introduction to software testing in general, and as such must describe some of the ways software errors come about. While this material is most-likely review, it will at least provide a common starting point for the less-experienced or novice vulnerability researcher.

A computer in and of itself is nothing more than a paperweight, a useless collection of components and circuitry. For the computer to do anything, a person must give it a set of instructions the computer can understand. This, in essence, is the art of computer programming.

But it's not that simple. In reality, there is a vast difference between the instructions a computer can act on and the instructions the average person can understand. While it is entirely possible for humans to learn to issue commands in the language of the computer, this process is an extremely inefficient and time-consuming chore. (A statement to which anyone who owned one of the early IMSAI 8080 computers can attest. The earliest IMSAIs accepted only this type of input.)

And,...