Fuzz testing with zzuf

Posted by: Joe Barr on July 26, 2007 07:32 PM
Not a troll in my book; thanks for the correction on the origination of fuzz testing and the fuzz program itself. I would like to learn more about that.

Fuzz testing has only crept into my consciousness because of the success it has had in discovering new vulnerabilities. I was a professional programmer from 1974 to 2001, and I never saw it or heard of it at all during my career. The big thing in testing as I was leaving the coding world was the "code to test" philosophy. Before that, the only big change I saw was in the popularization of IBM's "Black Team" approach, which tried to break apps instead of the kind of testing developers had always done, which tried to prove they worked.

As far as lame/stupid users are concerned, those comments are made based on my experience as a programmer, coding from specs which say "this field will contain blah blah blah" and then being unhappy over testing which didn't conform to the specs I was coding from. I think it's a valid analogy for fuzz testing.

I would like to hear more from you on this subject. Please drop me a line if you like, or comment again here.

