At SAFECode, our members often compare notes on secure development practices that are proving effective in our individual software security efforts. One of the most commonly cited of these practices is fuzzing. Fuzzing, sometimes referred to as fuzz testing, is an automated software testing technique that involves providing invalid, unexpected, random, or semi-random data as input to a computer program. The program is then monitored for exceptions such as hangs, crashes, failing built-in code assertions, or potential memory leaks.

This Fuzzing series will discuss what types of fuzzing exist and which one to choose in a specific case; what tools are available for various languages and ecosystems; how and why to fuzz continuously; and how fuzzing fits into the larger software development lifecycle.

Focus on Fuzzing: Getting Started

Fuzzing is a great way to test for bad behavior (both intentional and unintentional) in software, network protocols, embedded systems and devices, device drivers and pretty much any computing system that can talk to another. In fact, fuzzing is arguably one of the most effective methods to find the most significant, grievous bugs in almost any computing system. 

Focus on Fuzzing: Types of Fuzzing

In this blog, we provide useful context for those new to fuzzing, while at the same time providing some valuable information that experienced fuzz-testers can still benefit from. 

Focus on Fuzzing: A Closer Look at Coverage-Guided Fuzzing

In this post, we explain what coverage-guided fuzzing is and why it may often be a great choice for you. We will also give examples of some tools that implement coverage-guided fuzzing. For an in-depth study of such tools, stay tuned to our upcoming blog post on tools!

Copyright © 2007- Software Assurance Forum for Excellence in Code (SAFECode) – All Rights Reserved