Definition “Fuzzing”: What is Fuzz Testing?
Bug hunting is usually systematic. Fuzz testing, by contrast, feeds a program random or malformed input. In this way it uncovers errors that remain hidden from conventional test mechanisms.
During fuzz testing, software is confronted with confusing and unexpected inputs in order to expose vulnerabilities. (Image: Mystic Artdesign / Pixabay)
A creation myth is not a prerequisite for a well-established method in IT. Fuzz testing, however, has a very clear origin story.
In the late 1980s, Barton Miller, a professor of computer science in Madison, Wisconsin, was working from home over a telephone line connected to a Unix system at the university. During a thunderstorm the signal did not come through the line as it should, and between lightning and thunder the software received almost random input. To Miller's great surprise, even programs considered robust crashed on this random input.
Miller and his students distilled the experience into a test procedure known as fuzzing or fuzz testing: random, unstructured input is used to test how stable a program remains when its input departs from the expected format. The method is still popular in software development today, but it is not free of difficulties.
The benefits of Fuzz Testing
If programs are tested only with the inputs they are expected to receive, security vulnerabilities may persist. Any error triggered by unexpected input is a potential security vulnerability that could be exploited at any time.
Attackers and cybercriminals do use fuzz testing and similar methods to find vulnerabilities in systems. Software developers should therefore integrate fuzzing into their test cycle so that the weak points of their programs surface under stress before an attacker finds them.
In practice, fuzz testing has proven particularly suitable for detecting serious security vulnerabilities. It delivers the best results in combination with black-box testing or as part of a beta test. Precisely because attackers often use similar methods, developers should get ahead of them through intensive fuzz testing. The major drawback of fuzzing is its cost.
Fuzz testing is in principle possible with completely random input, as in Miller's thunderstorm, but purely random input is unlikely to hit a system's most probable weaknesses. The space of random inputs is effectively infinite; condensing it into a limited test period requires some manual skill on the developer's side.
How Fuzz Testing works in practice
The practical application of fuzzing follows four easy-to-repeat steps.
- 1. A valid, correctly formatted input file is prepared.
- 2. Part of the file is replaced with random data, and
- 3. the mutated file is opened by the program under test.
- 4. Finally, developers determine which part of the system gave way.
This last step can be quite laborious; in many cases the simplest approach is to record passes and fails automatically for every input. Parts of the fuzz test harness can, for example, be scripted by hand in Perl or AppleScript.
Different variants of fuzzers
Programs that automate fuzzing are called fuzzers. They are typically based on one of three methodologies:
- Mutation-based fuzzers: valid records are altered to generate new test data. Individual bytes or bits are modified, and the errors triggered by the randomly mutated inputs are logged automatically.
- Generation-based fuzzers: this model does not start from valid records; instead it constructs inputs from the input specification. Every input is built from scratch by the fuzzer.
- Protocol-based fuzzers: the most efficient fuzzers are protocol-based. They require that the tester can express the protocol's syntax and grammar as a model from which test cases, including robustness tests, are generated. Protocol-based fuzzers therefore demand in-depth knowledge of the protocol format to be tested and sophisticated specifications.
Various fuzzer tools are available to programmers, such as Peach Fuzzer, the Java-written WebScarab, SPIKE Proxy, OWASP WSFuzzer, and the open-source project American Fuzzy Lop (AFL).
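The four-step procedure above and the mutation-based versus generation-based distinction are easiest to see side by side in code. The following is an added example written for this page, not code from any of the tools named above. Its target, `parse_records`, is a constructed toy record parser with a planted bug (a length field that is trusted instead of checked, the Python analogue of a C parser reading past a fixed-size buffer); the `SEED` message, the field layout and all function names are assumptions of the example. Step 1 is the seed, step 2 is `mutate` (or, for the generation-based variant, `generate_case`, which never looks at a seed), step 3 is `run_target`, and step 4 is the crash log kept by `fuzz` plus the `minimize` helper that shrinks a reproducer:

```python
"""Added example: a mutation-based and a generation-based fuzzer against a
constructed toy parser with a planted bug. Not code from any real fuzzer."""
import random
import struct


def parse_records(data: bytes) -> list:
    """Constructed target: records of 1-byte type, 1-byte length, then `length`
    value bytes. Type 1 = ASCII text, type 2 = 32-bit counter. Malformed input
    is supposed to be rejected with ValueError."""
    records, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")
        rtype, rlen = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + rlen]
        if len(value) != rlen:
            raise ValueError("truncated value")
        if rtype == 1:
            # UnicodeDecodeError is a ValueError, so non-ASCII text is a clean reject.
            records.append(("text", value.decode("ascii")))
        elif rtype == 2:
            # Planted bug: trusts the declared length instead of checking rlen == 4,
            # so struct.error escapes as an unhandled crash.
            records.append(("counter", struct.unpack("<I", value)[0]))
        else:
            raise ValueError(f"unknown record type {rtype}")
        pos += 2 + rlen
    return records


# Step 1: a valid seed input (constructed): text "hello", then counter 42.
SEED = bytes([1, 5]) + b"hello" + bytes([2, 4]) + struct.pack("<I", 42)


def run_target(data: bytes):
    """Steps 3/4: feed one input to the parser. Returns None when the parser
    accepts or cleanly rejects it, otherwise the name of the escaping exception."""
    try:
        parse_records(data)
    except ValueError:
        return None  # graceful rejection is correct behaviour, not a finding
    except Exception as exc:  # anything else is a crash worth recording
        return f"{type(exc).__module__}.{type(exc).__qualname__}"
    return None


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Step 2 (mutation-based): flip bits, overwrite with boundary values,
    insert or delete bytes of the valid seed."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and buf:                     # single bit flip
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:                   # overwrite with an "interesting" byte
            buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
        elif op == 2:                           # insert a random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == 3 and len(buf) > 1:          # delete a byte
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def generate_case(rng: random.Random) -> bytes:
    """Generation-based: build a message from the format specification alone,
    choosing boundary values for each field (no seed file involved)."""
    out = bytearray()
    for _ in range(rng.randint(1, 3)):
        rtype = rng.choice([1, 2, 0, 255])          # in-spec and out-of-spec types
        rlen = rng.choice([0, 1, 3, 4, 5, 255])     # lengths around the 4-byte counter
        actual = rlen if rng.random() < 0.8 else max(0, rlen - 1)  # sometimes lie
        out += bytes([rtype, rlen]) + bytes(rng.randrange(256) for _ in range(actual))
    return bytes(out)


def fuzz(make_case, iterations: int, rng_seed: int = 0) -> dict:
    """Run make_case(rng) repeatedly; keep the first reproducer per crash type."""
    rng, crashes = random.Random(rng_seed), {}
    for _ in range(iterations):
        case = make_case(rng)
        crash = run_target(case)
        if crash is not None and crash not in crashes:
            crashes[crash] = case
    return crashes


def mutation_fuzz(seed: bytes, iterations: int, rng_seed: int = 0) -> dict:
    return fuzz(lambda rng: mutate(seed, rng), iterations, rng_seed)


def minimize(case: bytes, crash: str) -> bytes:
    """Step 4 helper: greedily delete bytes while the same crash still reproduces,
    leaving a small input that points at the record the parser choked on."""
    i = 0
    while i < len(case):
        candidate = case[:i] + case[i + 1:]
        if run_target(candidate) == crash:
            case = candidate
        else:
            i += 1
    return case


if __name__ == "__main__":
    for name, found in (("mutation", mutation_fuzz(SEED, 5000)),
                        ("generation", fuzz(generate_case, 1000))):
        for crash, case in found.items():
            print(f"{name}: {crash} reproduced by {minimize(case, crash).hex()}")
```

Both strategies find the planted bug within a few thousand iterations because the crash only requires a type-2 record whose length is not 4. The harness deliberately treats `ValueError` as a clean rejection and everything else as a finding; defining that boundary is the part a real fuzzing campaign most often gets wrong, since a parser that raises the "right" exception on garbage is behaving correctly. Tools such as AFL add coverage feedback to the mutation loop so that mutations which reach new code are kept as fresh seeds.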
Fuzz Testing as part of the test cycle
Fuzz testing has proven to be a particularly efficient addition to security testing for detecting memory leaks and assertion failures and for checking how a program handles malformed input. In C and C++ especially, memory management is a security-critical area because of the manual control over memory, and it deserves corresponding attention in security tests.
Despite the expertise, time and money it requires, engaging with fuzz testing is therefore definitely recommended, though it should always be understood as one part of a comprehensive security test. The name, incidentally, derives from the English word "fuzzy", meaning "unclear, blurred", which already hints at the methodology of fuzz testing.