Fuzzing and the Corporate Environment

Fuzzing is a black-box testing technique, today, mostly for software. Therefore, it makes perfect sense for this technology to be used by software developers and software vendors for their QA and testing. In the corporate environment, it would make perfect sense for fuzzing to be used specifically for that testing and proofing new applications.

There are other uses for fuzzing in the corporate environment, some of which have far-reaching implications. Most corporations, or organizations for that matter, have an IT infrastructure such as a network, a Web page, an e-mail system, etc. This infrastructure is sometimes built without security considerations, based on basic needs put together or against budgetary concerns and functional needs. When the organization is about to buy a new product, it will proceed through different bureaucratic channels of varying complexity, and eventually decide on a product.

The technological evaluation part of that process varies, and can be as significant as it can be discarded. In some cases, the product is put through its paces in a demo or a pilot and tested to see if it is stable and provides all the requirements.

How the product is tested for security, stability, and usage is what we discuss in this chapter, and what implications this testing may have on the software industry.

When it comes to security, the testing often ends with a list of security features on a marketing checklist and the check that they are there. How do you test a product...