Open Source Fuzzing Tools

Why Is Fuzzing Important to Include in a Software Development Cycle?

If your company develops software or services, one of the first questions you should ask is, "why should I run fuzzers?" The answer to that, touched on in earlier chapters, should be straightforward.

  • Put simply, fuzzers are effective at finding bugs.

  • Fuzzers save time and are cheap alternatives to manual security testing.

  • External security researchers and malicious individuals will run them for you if you do not.

In other words, fuzzers reduce test costs, find bugs, and help in preventing folks outside your organization from finding embarrassing flaws in your software. Sign me up! So, if your product is actively taking user input from outside sources, the question really isn't "should I run a fuzzer," but "how do I get started?"

Before we jump into how to integrate and implement fuzzing into your development cycle, we'll dig deeper into why fuzzers are important to run.

Security Testing Workload

For anyone who has ever worked in Quality Assurance, it should be obvious that you are always resource and time constrained. Those constraints, together with the old test adage, "you can only prove the existence of bugs, but not the absence of them," are two particular reasons why performing security testing can be difficult. The test team has a long grocery list of types of tests to run, including, but not limited to:

  • Unit testing

  • Integration testing

  • Scenario testing

  • Functionality testing

  • Reliability testing

  • Performance testing

  • Accessibility testing

  • Testability analysis

  • Usability testing

  • Internationalization...
