Fuzz testing
1. What is fuzz testing?
Fuzz testing is an automated software testing technique, originally developed by Barton Miller of the University of Wisconsin in 1989, that is usually used to identify potential vulnerabilities in programs. The core of fuzz testing is to automatically or semi-automatically generate random data and feed it to the application while monitoring the program for exceptions, such as crashes and failed code assertions, in order to find possible program errors, such as memory leaks.
Fuzzing refers to the automatic generation and execution of tests. The random data used as input in a fuzz test is called "fuzz". The types of random data include:
- Very long strings.
- Random numbers, such as negative numbers, floating-point numbers and very large numbers.
- Special characters such as ~ ! @ # $ %, which have special meanings and may cause errors when used as input.
- Unicode-encoded text, because some programs do not support Unicode.
Fuzzers used for fuzz testing fall into two categories:
- Mutation-based fuzzers, which create test cases by mutating existing data samples.
- Generation-based fuzzers, which model the protocol or file format used by the system under test, generate inputs from that model and create test cases accordingly.
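
The two fuzzer categories above, shown as an added example that is not part of the original page: a mutation-based and a generation-based fuzzer run against a constructed toy parser, with unexpected exceptions recorded as crashes. The record format and all names (`parse_record`, `encode`, `mutate`, `generate`, `fuzz`, `run_both`) are assumptions made for illustration.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Constructed target. Format: [1-byte length][payload][1-byte checksum]."""
    if len(data) < 2:
        raise ValueError("too short")          # clean rejection, not a bug
    n = data[0]
    payload = data[1:1 + n]
    if sum(payload) % 256 != data[1 + n]:      # bug: length field is trusted
        raise ValueError("bad checksum")
    return payload

def encode(payload: bytes) -> bytes:
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])

def mutate(sample: bytes, rng: random.Random) -> bytes:
    """Mutation-based: damage an existing valid sample."""
    buf = bytearray(sample)
    op, i = rng.randrange(3), rng.randrange(len(buf))
    if op == 0:
        buf[i] = rng.randrange(256)            # overwrite one byte
    elif op == 1:
        buf[i:i] = b"~!@#$%" * 50              # insert a long special-character run
    else:
        del buf[i:]                            # truncate
    return bytes(buf)

def generate(rng: random.Random) -> bytes:
    """Generation-based: build input from the format model, using boundary values."""
    payload = bytes(rng.randrange(256) for _ in range(rng.choice([0, 1, 16, 200])))
    claimed = rng.choice([len(payload), 0, 255])   # honest or boundary length field
    return bytes([claimed]) + payload + bytes([sum(payload) % 256])

def fuzz(make_input, runs: int = 500) -> list:
    """Feed inputs to the target; record unexpected exceptions as crashes."""
    crashes = []
    for data in (make_input() for _ in range(runs)):
        try:
            parse_record(data)
        except ValueError:
            pass                               # input rejected cleanly
        except Exception as exc:               # anything else is a finding
            crashes.append((type(exc).__name__, data))
    return crashes

def run_both(seed: int = 1989):
    rng = random.Random(seed)
    seeds = [encode(b"hello"), encode(b"fuzz")]    # valid samples for mutation
    return (fuzz(lambda: mutate(rng.choice(seeds), rng)),
            fuzz(lambda: generate(rng)))
```

`run_both()` returns the crash lists from the mutation-based and generation-based runs; every entry is an `IndexError` caused by a length byte that claims more payload than the input actually holds.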