fuzz testing

Fuzzers work best for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.

Fuzz testing is simple and offers a high benefit-to-cost ratio. Fuzz testing can often reveal defects that are overlooked when software is written and debugged. Nevertheless, fuzz testing usually finds only the most serious faults. Fuzz testing alone cannot provide a complete picture of the overall security, quality or effectiveness of a program in a particular situation or application. Fuzzers are most effective when used in conjunction with extensive black box testing, beta testing and other proven debugging methods.

Read more about fuzz testing: - The Information Assurance Technology Analysis Center explains how fuzzing works. - Barton Miller maintains an application fuzz testing Web site. - Hacksafe offers a repository of fuzzers.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Application and Platform Security,   Software Development Methodology,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT nCircle statistics show rising Web application vulnerabilities The number of Web application vulnerabilities detected by the vendor is on track to exceed 2008, according to the latest statistics. Common PCI questions: Web application firewalls or source code review? Is it better to use Web application firewalls, automated source code security reviews or vulnerability scans? Michael Cobb reviews your options. Juniper pulls ATM hacking presentation from Black Hat Researcher planned to demonstrate a hacking technique targeting the underlying software of a new ATM.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bypass  (SearchSecurity.com) Common Weakness Enumeration  (SearchSecurity.com) Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software... (Continued)