Friday, December 23, 2016

What is fuzzing and why do I need it?

Fuzzing is my new favorite word and not just because it's fun to say! Fuzzing is a software testing method that uses automated or manual techniques to feed invalid, random and unexpected data into a program to see whether it generates errors. These errors can be functional or security related, and using fuzzing techniques helps you develop code that's more stable and secure.
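A minimal mutation fuzzer that illustrates the definition above, as an added example that is not from the original post or from Project Springfield. `parse_record` is a constructed toy parser with a deliberately missing bounds check, and every name and the seed input are assumptions made for illustration.

```python
import random

def parse_record(data: bytes) -> dict:
    """Constructed toy target: b'<name_len><name bytes><age>'.
    Its documented way to reject bad input is ValueError; anything else is a bug."""
    if not data:
        raise ValueError("empty input")
    name_len = data[0]
    name = data[1:1 + name_len].decode("utf-8")  # bad UTF-8 -> UnicodeDecodeError (a ValueError)
    age = data[1 + name_len]                     # bug: no bounds check -> IndexError
    return {"name": name, "age": age}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random mutations (overwrite, truncate, insert) to a valid input."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        choice = rng.randrange(3)
        if choice == 0 and buf:                  # overwrite one byte with a random value
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1 and buf:                # truncate at a random offset
            del buf[rng.randrange(len(buf)):]
        else:                                    # insert one random byte
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Run mutated inputs through target; keep one reproducer per unexpected exception type."""
    rng = random.Random(rng_seed)                # fixed seed so findings are reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                             # clean, documented rejection
        except Exception as exc:                 # undocumented failure: a finding
            crashes.setdefault(type(exc).__name__, case)
    return crashes

SEED = bytes([5]) + b"alice" + bytes([30])       # constructed valid record

if __name__ == "__main__":
    for kind, case in fuzz(parse_record, SEED).items():
        print(kind, case.hex())
```

Each saved input is a reproducer: replaying it against the parser triggers the same error, which is what makes a fuzzing finding actionable for the developer fixing it.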

Microsoft is taking these techniques and putting them in the cloud with their "Project Springfield" initiative. Here's an article I wrote about fuzzing, Project Springfield and why you need it.

1 comment:

  1. The whole idea behind fuzzing is to try and find edge cases in a codebase. You use it to make sure that all the parsing you do, acceptance of the data, storing of the data, and reading the data causes no bugs. It's quite an integrated test, too, as you can test the complete flow of storing something like a zero-width space (U+200B in Unicode) in your site to check for issues. Some people try to inject code into the input fields (this is a part of fuzzing referred to as code injection) as a name input. Look at this web-site