Fuzz testing definition
When a QA specialist uses an automated software testing tool to bombard a program with invalid, unexpected, or random inputs. The purpose of fuzz testing is to discover weaknesses or problems in the software and crash it.
How does fuzz testing work?
Fuzz testing tools usually have three components, often referred to as a poet, a courier, and an oracle.
- The poet starts the process by creating test cases (lists of potential inputs) that are tried on the target software.
- The courier delivers and inserts the inputs into the targeted software.
- The oracle checks whether the test case has passed or failed. If the software did something other than it was designed to do, the oracle will gather the information so that the error can be reproduced, examined, and fixed.
Fuzz testing advantages
- Speed of software development. Fuzzing software generates thousands of automated test cases each second. It helps developers quickly find and fix vulnerabilities before hackers do.
- Reproducing problems. Coders must be able to reproduce bugs so they can see what went wrong. Fuzzing software generates systematic, detailed feedback about their code.
- Quality testing and security standards. Many industries, like the medical or automotive, require proof that new software is secure and has been tested properly.
Fuzz testing as a threat
Fuzz testing is an important hacker tool used to discover zero-day exploits, unknown bugs, and security weaknesses. It is low cost and effective because once the software has been set up, it will continue to look for weaknesses without further human intervention until it finds an opening.