
Fuzzing or fuzz testing

Fuzzing is a quality assurance technique used to detect coding errors and security vulnerabilities in software, operating systems, or networks. It works by attempting to crash a system or trigger errors by supplying a large volume of random inputs. If a vulnerability is found, a fuzz testing platform (also called a fuzzer) can help determine the root cause.

Fuzzing systems are very good at finding certain types of vulnerabilities, including buffer overflow, denial of service (DoS), cross-site scripting, and code injection. However, they are less effective at dealing with silent security threats that do not result in crashes or visible errors—such as spyware, worms, trojans, and rootkits.

While fuzzing is a simple technique, it is cost-effective and easy to scale. It can often
uncover serious flaws that go unnoticed when creating and debugging software
programs. However, it does not provide a complete picture of the security, quality, or
effectiveness of a software product. Therefore, it is usually combined with other
techniques like black box testing, beta testing, and unit testing.

_____________________________________________________________________________________________

Fuzzing is another technique that has piqued my curiosity in recent years. This indicates that we're not necessarily accepting random inputs, but we're aiming to provide a program or system with a variety of possible inputs that may be outside of what it knows how to take. We look for exceptions to it or for it to break. Alternatively, we wait for it to shift into other program states. When we realize that we're giving new inputs that are causing new program states, we now know that we have something else that we can permeate so we can really get deeper into the code and try and test features that might not necessarily be looked at as closely with code auditing, and this ultimately makes it possible to find bugs that you would never be able to find by just manually reviewing the source in complex applications, for example, flaws in PHP and AJAX.

Fuzz performs fuzzing, which is sending input over to an application, and fuzz does it quickly, so you can take a request and add essentially something like an attack designation, and with that, you just put FUZZ, all capitalized, and you can provide a word list; that word list can have whatever gibberish, directory list, or username list that you want to provide, and fuzz will quickly send repeated requests over a network.
______________________________________________________________________

Fuzz Testing Best Practices

Here are a few ways you can evaluate the effectiveness of a fuzzing solution.

Improve Testing Speed

A critical metric for fuzzing is how many test cases you can run per second. The more test cases you can run in a given timeframe, the more likely you are to find a crash or error. Faster fuzz testing also makes it possible to integrate fuzzing into automated testing processes.

There are many things you can do to speed up your test cases, such as making
generative or mutation routines more efficient, parallelizing test cases, reducing
timeouts, and running your program in headless mode (without a user interface). If you
are hosting fuzz testing yourself, you can also run it on more powerful hardware.

Reduce Test Cases

Because fuzzing randomly changes the input, test cases often contain variations or
mutations that do not trigger an error. Reducing test cases means narrowing test cases
to the smallest set of changes that are likely to cause a bug or crash.

This reduction can be done manually, but it can also be done automatically by the
fuzzing solution. When a crash occurs, the fuzzer can rerun the test case multiple times.
Each time a bug is triggered, it can incrementally reduce changes to the input
(compared to a base valid input), until it arrives at the minimal change needed to trigger
the error. This simplifies analysis and helps understand exactly which part of the input is
related to the error or crash.
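The reduction step described above, as an added example that is not from the original page: the crashing input is expressed as a list of edits against the known-good base input (using difflib opcodes), and edits are dropped one at a time while a constructed crash oracle, standing in for rerunning the real target, still reports a failure. The parser rule and both inputs are constructed for the example.

```python
from difflib import SequenceMatcher

def crashes(data: bytes) -> bool:
    # Constructed oracle standing in for "rerun the test case on the real target":
    # this imaginary parser of b'KEY=VALUE;' records fails whenever the value
    # starts with b'!' and ends with a lone backslash.
    if not data.endswith(b";"):
        return False
    _, sep, value = data[:-1].partition(b"=")
    return bool(sep) and value.startswith(b"!") and value.endswith(b"\\")

def apply_edits(base: bytes, crash: bytes, ops: list, keep: set) -> bytes:
    # Rebuild an input from the base, applying only the edits whose index is in keep;
    # ops are difflib opcodes (tag, base_start, base_end, crash_start, crash_end).
    out = b""
    for idx, (tag, i1, i2, j1, j2) in enumerate(ops):
        out += crash[j1:j2] if tag != "equal" and idx in keep else base[i1:i2]
    return out

def minimize(base: bytes, crash: bytes):
    # Drop one edit at a time and rerun; an edit stays removed only if the input
    # still crashes without it. Repeat until no single edit can be removed.
    # Returns the reduced input and the number of reruns it took.
    ops = SequenceMatcher(None, base, crash, autojunk=False).get_opcodes()
    keep = {idx for idx, op in enumerate(ops) if op[0] != "equal"}
    reruns, changed = 0, True
    while changed:
        changed = False
        for idx in sorted(keep):
            reruns += 1
            if crashes(apply_edits(base, crash, ops, keep - {idx})):
                keep, changed = keep - {idx}, True
    return apply_edits(base, crash, ops, keep), reruns

if __name__ == "__main__":
    base, crash = b"name=alice;", b"nXme=!alice\\;"   # constructed base input and crasher
    reduced, reruns = minimize(base, crash)
    print(reduced, reruns)   # the stray 'X' is reverted; '!' and '\' are both needed
```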

Track Code Coverage

Code coverage is a measure of how much of your software code a fuzzer executed.
The notion is that the wider the coverage, the more extensively the fuzzer tests the
programs. There are many ways to measure code coverage including lines, code
blocks, branches, and code paths.

Measuring code coverage for fuzzing can be challenging and might require binary instrumentation to track what code is running during each fuzz request.

Code coverage is not a perfect measure for fuzz testing because much of the
application code will not result in an error, even if executed. Still, some form of code
coverage measurement can provide insight into what the fuzzer is triggering in your
program, and enable fine-tuning of the fuzzer’s activity.
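A coverage-guided mutation loop of the kind described in this section and in the definition at the top of the page, as an added example that is not from the original page: a constructed record parser with a planted bug is run under Python's line tracer as the "instrumentation", mutants that execute lines no earlier input reached are kept as new seeds, and the first input that raises an unexpected exception is reported as the crash. The target, its bug, the seed input and the mutation dictionary are all constructed for the example.

```python
import random, sys

def parse_record(data: bytes) -> dict:
    # Constructed target with a planted bug: parses b'KEY=VALUE;'. A value that starts
    # with b'!' is unescaped, and the byte after a backslash is read without a check.
    if not data.endswith(b";") or b"=" not in data:
        raise ValueError("malformed record")           # expected rejection, not a bug
    key, _, value = data[:-1].partition(b"=")
    if value.startswith(b"!"):
        if b"\\" in value:
            esc = value[value.index(b"\\") + 1]        # IndexError when '\' is the last byte
            value = value.replace(b"\\" + bytes([esc]), bytes([esc]))
    return {key: value}

def run(data: bytes):
    # Run once under a line tracer (the instrumentation the text mentions); returns
    # (crashed, executed line numbers). Only exceptions other than ValueError are crashes.
    lines, prev = set(), sys.gettrace()
    def tracer(frame, event, arg):
        if event == "line" and frame.f_code is parse_record.__code__:
            lines.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)
    try:
        parse_record(data)
    except Exception as e:
        return not isinstance(e, ValueError), lines
    finally:
        sys.settrace(prev)
    return False, lines

def mutate(data: bytes, rng: random.Random) -> bytes:
    # One mutation: overwrite, insert or delete a byte; half the bytes come from a tiny dictionary.
    pos, op = rng.randrange(len(data) + 1), rng.randrange(3)
    byte = bytes([rng.choice(b"=;!\\\x00\xff") if rng.random() < 0.5 else rng.randrange(256)])
    if op == 1:
        return data[:pos] + byte + data[pos:]
    return data[:pos] + (byte if op == 0 else b"") + data[pos + 1:]

def fuzz(seed_input: bytes, iterations: int = 50000, seed: int = 1):
    # Coverage-guided loop: mutants reaching new lines join the corpus; returns (crash or None, lines covered, corpus size).
    rng, corpus, total = random.Random(seed), [seed_input], run(seed_input)[1]
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        crashed, cov = run(candidate)
        if crashed:
            return candidate, total, len(corpus)
        if not cov <= total:
            total, corpus = total | cov, corpus + [candidate]
    return None, total, len(corpus)
```

Calling fuzz(b"name=alice;") with the constructed seed returns the crashing input together with the set of target lines covered and the size of the corpus that coverage guidance built up on the way; the crash needs two separate mutations ('!' at the start of the value, then a trailing backslash), which the loop only finds because the intermediate input is kept as a seed.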

_____________________________________________________________________________________________

Why are the World’s Biggest Companies Implementing Fuzz Testing?

Some of the world’s biggest and most respected organizations are implementing fuzzing as part of their quality control and cybersecurity operations:

- Google uses fuzzing to check and protect millions of lines of code in Chrome. In 2019, Google discovered more than 20,000 vulnerabilities in Chrome via internal fuzz testing.

- Microsoft uses fuzzing as one of the stages in its software development lifecycle, to find vulnerabilities and improve the stability of its products.

- The US Department of Defense (DoD) issued a DevSecOps Reference Design and an Application Security Guide, which require fuzz testing as a standard part of software development processes.

These and many other organizations are adopting fuzzing into their standard development processes for several reasons:

- Fuzzing does not just identify the problem; it also shows the cause of the problem and how an attacker may interact with it in a real-life attack.

- Fuzzing proves a vulnerability exists, identifying problems without having to sift through false positives.

- Fuzzing is fully automated and can run independently for days or even weeks, identifying more and more vulnerabilities in a system under test.

- Fuzzing is highly useful for developers. The role of developers is to develop and improve product features. While traditional security tools only point out flaws, fuzzers show the result of the flaw and demonstrate the impact of solving it.
