Definition

fuzz testing (fuzzing)

Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves inputting massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash. If a vulnerability is found, a software tool called a fuzzer can be used to identify potential causes. Fuzz testing was originally developed by Barton Miller at the University of Wisconsin in 1989.

Fuzzers work best for discovering vulnerabilities that can be exploited by buffer overflow, DoS (denial of service), cross-site scripting and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.

Although fuzz testing is simple, it offers a high benefit-to-cost ratio and can often reveal serious defects that are overlooked when software is written and debugged. It cannot provide a complete picture of the overall security, quality or effectiveness of a program, however, and is most effective when used in conjunction with extensive black box testing, beta testing and other proven debugging methods.
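The random-input loop described above, as an added example that is not part of the original definition: a small fuzzer feeds random byte strings to a test subject, records one input per kind of crash, then shrinks that input to help locate the cause. The record format, `parse_record` and its deliberate bug are constructed for illustration, and all function names are hypothetical.

```python
import random
import struct

class ParseError(Exception):
    """Clean rejection of malformed input: expected behaviour, not a defect."""

def parse_record(data: bytes) -> bytes:
    """Constructed target: 1-byte type, 2-byte length, payload, 1-byte checksum."""
    if len(data) < 3:
        raise ParseError("short header")
    rtype, length = struct.unpack(">BH", data[:3])
    if rtype not in (1, 2):
        raise ParseError("unknown type")
    payload = data[3:3 + length]
    checksum = data[3 + length]  # deliberate bug: the length field is trusted
    if sum(payload) & 0xFF != checksum:
        raise ParseError("bad checksum")
    return payload

def crash_name(target, data: bytes):
    """Return the exception type name if target crashes on data, else None."""
    try:
        target(data)
    except ParseError:
        return None  # handled rejection, so not a finding
    except Exception as exc:  # anything unplanned counts as a crash
        return type(exc).__name__

def fuzz(target, iterations=2000, max_len=16, seed=1989):
    """Feed random byte strings to target; keep one input per crash type."""
    rng = random.Random(seed)  # fixed seed so a run can be reproduced
    crashes = {}
    for _ in range(iterations):
        data = bytes(rng.randrange(256) for _ in range(rng.randrange(max_len + 1)))
        name = crash_name(target, data)
        if name is not None:
            crashes.setdefault(name, data)
    return crashes

def minimize(target, data: bytes, name: str) -> bytes:
    """Drop bytes one at a time while the same crash type still reproduces."""
    i = 0
    while i < len(data):
        candidate = data[:i] + data[i + 1:]
        if crash_name(target, candidate) == name:
            data = candidate
        else:
            i += 1
    return data
```

Calling `fuzz(parse_record)` returns a dictionary keyed by exception type; passing a stored input to `minimize` reduces it to the three header bytes that are enough to trigger the out-of-range read.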

This was last updated in March 2010
