Quality Assurance and Project Management

Jul 29 2017   2:16PM GMT

Fuzz Testing – Why Should It Be A Regular Part of Software QA?

Jaideep Khanduja Jaideep Khanduja Profile: Jaideep Khanduja

Quality assurance
Quality control
Software testing

Fuzz Testing or Fuzzing is quite useful in many ways. In fact, it is a quality assurance (QA) technique to discover coding errors and security loopholes in software, operating systems or networks. A lot of enterprises, banks, e-commerce sites, etc. use this technique. It involves pumping massive volume of random data, that we call as fuzz, in order to simulate an attack and make the test application crash. As a matter of fact, many organizations do it on their production server. In case they find a vulnerability, they then apply a software tool, that we call a fuzzer. A Fuzzer determines the potential reasons for the crash. Barton Miller at the University of Wisconsin in 1989 was the first to develop this concept of Fuzz testing. And gradually the concept has become so hit that it has become an essential technique to incorporate.

Fuzz Testing

Photo credit: AMANITO via Visual Hunt / CC BY-NC

While the other testing techniques, we use before the launch of a product. But Fuzz Testing stays an integral component even after the deployment of an application on the production server. Usually, this technique works best to detect vulnerabilities that can emerge due to a buffer overflow, cross-site scripting, denial of service attacks, format bugs, and SQL injection attacks. As a matter of fact, Fuzz testing is less effective for in identifying security threats that are not responsible for program crashes. These could include spyware, some viruses, worms, Trojans, and keyloggers.

Fuzz Testing Is A Very Useful Technique

The benefit of fuzz testing is that it is quite simple to incorporate. Yet, it offers a high benefit-to-cost ratio. In fact, that is its strength. This is because it often identifies defects and vulnerabilities that the developers and testers overlook when they write, debug, and test the software. In fact, this kind of technique is powerful enough to find the most serious faults/defects/vulnerabilities. But here is a word of caution. You should not use it for creating a complete picture of the overall security, quality or effectiveness of a program or application. Rather, it works best when you use it in conjunction with extensive black box testing, beta testing, and other debugging methods.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: