Open Source Fuzzing Tools

In this chapter, we describe in detail what fuzz testing, also known as fuzzing, is and how it works.
The purpose of this chapter is to reach common ground and establish basic terminology for the evolving field of fuzzing, and to describe the recent advances in protocol-based fuzzing that accompanied the introduction of commercial fuzzing products into the market. By the end of this chapter, you will have a good understanding of how fuzzing works and of some steps you can take to implement and use it.
Fuzzing is often described as a black-box software testing technique. It works by automatically feeding a program many iterations of input, each specially constructed in an attempt to trigger an internal error indicative of a bug, and potentially to crash the program.
Such errors and crashes indicate the likely presence of a security vulnerability, which can then be researched and fixed.
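The loop just described, as an added example that is not part of this book: a small black-box mutation fuzzer that repeatedly mutates a seed input, feeds it to a target, and records each crash together with the input that produced it. The target `parse_record` is a constructed toy parser (not any real product) that trusts a declared length field, the kind of defect that fuzzing surfaces as an out-of-bounds read.

```python
import random

def parse_record(data: bytes) -> int:
    """Constructed toy target: parse 'LEN:PAYLOAD', return a checksum of LEN bytes."""
    header, _, payload = data.partition(b":")
    if not header.isdigit():
        return -1                     # malformed header is handled cleanly
    declared = int(header)
    checksum = 0
    for i in range(declared):         # bug: LEN is trusted, len(payload) is never checked
        checksum = (checksum + payload[i]) & 0xFF   # IndexError when LEN > len(payload)
    return checksum

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to four random byte-level mutations to a seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "insert", "delete", "repeat"))
        if op == "flip" and data:
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)
        elif op == "insert":
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif op == "delete" and data:
            del data[rng.randrange(len(data))]
        elif op == "repeat" and data:
            i = rng.randrange(len(data))
            data[i:i] = data[i:i + 1] * rng.randint(2, 8)
    return bytes(data)

def fuzz(target, seeds, iterations=2000, rng_seed=1):
    """Black-box fuzz loop: mutate, run, and keep the first input per crash type."""
    rng = random.Random(rng_seed)     # fixed seed so a run is reproducible
    crashes = {}
    for n in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except Exception as exc:      # an unhandled exception is this toy's "crash"
            crashes.setdefault(type(exc).__name__, (n, case))
    return crashes

if __name__ == "__main__":
    for name, (n, case) in fuzz(parse_record, [b"5:hello"]).items():
        print(f"{name} at iteration {n}: {case!r}")
```

Every recorded case is a concrete reproducer, which is what turns a fuzzer finding into something a developer can debug and fix.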
We begin with a short summary of the state of the practice of fuzzing and a quick overview of fuzzing history. We continue with a detailed description of how fuzzing works. We then describe new advances made with fuzzing technology, introduce second-generation fuzzing, and try to assess the usability of fuzzing and what the future holds for this new market.
In our opinion, fuzzing as a black-box testing field is going to become a significant portion of the vulnerability and software/application security markets at every stage, from prevention to countermeasures.
Fuzzing is not a perfect solution, but when done efficiently it...