We developed fuzz testing, the sending of unstructured random input to an application program. With a few simple tools, we tested more than 80 command line utility programs on six versions of UNIX. As a result of this testing, we were able to crash a surprising (to us) number of programs: 25-33%. These crashes were typically caused by the use of risky programming practices that are well known to experienced programmers and the software engineering community.
Also: Fuzzing produces a bug a day for July / Browsers feel the fuzz.
And: Fuzzing Tools
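A minimal harness in the spirit of the testing described above, as an added example that is not code from the original study or from this post: it pipes seeded random bytes to a command-line program's stdin and counts only signal deaths and hangs as failures. `TOY_TARGET` is a constructed stand-in utility, and the function names are assumptions of this example.

```python
import random
import signal
import subprocess
import sys

def fuzz_input(rng, max_len=4096):
    """Unstructured random bytes, including NUL and non-printable values."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(1, max_len)))

def run_once(argv, data, timeout=5.0):
    """Feed data on stdin; classify the outcome as ok, crash:<signal> or hang."""
    try:
        proc = subprocess.run(argv, input=data, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"
    if proc.returncode < 0:  # POSIX: the child was killed by a signal
        return "crash:" + signal.Signals(-proc.returncode).name
    return "ok"  # a nonzero exit status is an error report, not a crash

def fuzz(argv, runs=20, seed=1):
    """Run argv against `runs` random inputs; return (outcome, input) per failure."""
    rng = random.Random(seed)  # seeded so every failing input can be regenerated
    failures = []
    for _ in range(runs):
        data = fuzz_input(rng)
        outcome = run_once(argv, data)
        if outcome != "ok":
            failures.append((outcome, data))
    return failures

# Constructed target (assumption of this example): aborts on any input line
# longer than 64 bytes, mimicking a fixed-size line buffer with no bounds check.
TOY_TARGET = [sys.executable, "-c",
              "import os, sys\n"
              "for line in sys.stdin.buffer:\n"
              "    if len(line) > 64: os.abort()\n"]

if __name__ == "__main__":
    for outcome, data in fuzz(TOY_TARGET):
        print(outcome, len(data), "bytes")
```

Keeping the failing input next to the outcome is what makes a crash actionable: the same bytes can be replayed against the program under a debugger.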