Fuzz testing is one of
the black box testing techniques that exposes the hidden
vulnerabilities of a product or application by intentionally
supplying random data as input. The main objective of fuzz
testing is to capture defects in the cases for which test
cases are usually not written. Fuzz testing doesn't reveal any
significant functional or technical flaw in the system.
Rather, it effectively identifies the avenues through which
the application crashes in real time.
The major advantage of the fuzz testing methodology is the
absence of preconceptions about the system. The fuzz data
is built without any logic or pattern. Fuzz testing is
conducted by supplying the fuzz data as input. The test
is considered a pass if the system doesn't hang or crash,
even if the result is completely flawed and against the
functional requirements. Bugs identified in fuzz testing
are severe defects in security that may be exploited by
a hacker in real time. Since the inputs are completely random,
recording the fuzz data for every test will help in recreating
the failure conditions when the system crashes.
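
The procedure described above, as an added example that is not part of the original article: a minimal Python fuzzer that feeds patternless random bytes to a target, treats any uncaught exception as a crash, and records each crashing input so it can be replayed. `parse_record` and its planted bug are constructed for illustration; hang detection (which would need a timeout around the target) is left out.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Constructed target: 1-byte length prefix followed by a payload."""
    if not data:
        return b""
    length = data[0]
    payload = data[1:1 + length]
    # Planted bug: trusts the declared length, so a short or empty payload
    # raises IndexError (the in-process analogue of a crash).
    _last = payload[length - 1]
    return payload

def make_input(rng: random.Random, max_len: int = 32) -> bytes:
    """Fuzz data with no logic or pattern: random length, random bytes."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(max_len + 1)))

def fuzz(target, seed: int, cases: int = 200) -> list:
    """Run `cases` random inputs; return a record of every crashing input."""
    rng = random.Random(seed)          # recorded seed makes the whole run repeatable
    crashes = []
    for i in range(cases):
        data = make_input(rng)
        try:
            target(data)               # return value is ignored: only a crash fails the test
        except Exception as exc:
            crashes.append({"case": i, "input": data.hex(), "error": type(exc).__name__})
    return crashes

def replay(target, record: dict) -> bool:
    """Feed a recorded input back to the target; True if it crashes again."""
    try:
        target(bytes.fromhex(record["input"]))
    except Exception:
        return True
    return False

if __name__ == "__main__":
    found = fuzz(parse_record, seed=1234)
    print(f"{len(found)} of 200 inputs crashed the target")
    for rec in found[:3]:
        print(rec, "reproduces:", replay(parse_record, rec))
```

Storing the seed alongside the crashing inputs means either one is enough to recreate a failure after the fix is attempted.
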
The simplicity and randomness associated with the methodology
enable fuzz testing to be automated to a great extent.
The tools used for conducting fuzz testing are called
"fuzzers" or "fault injectors". Fuzzers are very
effective in exposing vulnerabilities such as Denial of
Service, SQL Injection and Buffer Overflow. The notorious
buffer overflow vulnerability of IFRAME in Internet Explorer
was exposed by a fuzzer called "mangleme". Fuzzers
are available as open source projects and commercial products.
Specialized fuzz testing tools are available for testing:
- Web Applications
- Web Browsers
- Chat Clients
- TCP/IP Stacks
- Network Protocols
- Operating Systems
Fuzz testing improves the credibility of the application.
An application that withstands fuzz testing is the least
expected to be vulnerable to any external attack. Fuzz
testing is not a complete replacement for the standard testing
techniques; rather, it is an additional tool to ensure the safety
of applications. Fuzz testing is a great tool for ensuring
software security rather than software correctness.