Fuzz testing, also known as fuzzing or monkey testing, is a technique used to test software for unknown vulnerabilities. The process is automated by a program known as a fuzzer, which generates a large amount of data and sends it to the target program as input. If the target program crashes or behaves in an undesirable way, the fuzzer logs the input that caused the error.

Hackers often use fuzzers to look for vulnerabilities in software, probing it for weaknesses they can exploit. Software developers can use a fuzzer to anticipate and defend against those types of attacks.
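
The loop described above (generate input, send it to the target, log whatever causes an error) can be shown with a small mutation fuzzer run by a developer against their own parser. This is an added example, not code from the original page; `parse_record`, its record format and `SEED` are constructed for illustration, and the parser contains a deliberate missing bounds check for the fuzzer to find.

```python
import random

MAGIC = 0x7E

def parse_record(data: bytes) -> bytes:
    """Constructed target: MAGIC | length | payload | checksum (sum of payload mod 256)."""
    if len(data) < 2 or data[0] != MAGIC:
        raise ValueError("bad header")           # graceful rejection
    n = data[1]
    payload = data[2:2 + n]
    # Deliberate bug: the declared length is trusted, so the checksum index
    # can point past the end of the buffer (IndexError here; in C this would
    # be an out-of-bounds read).
    if data[2 + n] != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Return one random variation of a known-good input."""
    buf = bytearray(seed)
    op = rng.randrange(3)
    if op == 0 and buf:                          # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:                                # truncate at a random point
        del buf[rng.randrange(len(buf) + 1):]
    else:                                        # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 500, rng_seed: int = 1234):
    """Send mutated inputs to target; log each input that causes an unexpected error."""
    rng = random.Random(rng_seed)                # fixed seed makes the run repeatable
    crashes = {}                                 # input -> exception type name
    for _ in range(iterations):
        data = mutate(seed, rng)
        try:
            target(data)
        except ValueError:
            pass                                 # expected: input rejected cleanly
        except Exception as exc:                 # anything else is a finding
            crashes.setdefault(data, type(exc).__name__)
    return crashes

SEED = bytes([MAGIC, 3]) + b"abc" + bytes([sum(b"abc") % 256])  # constructed valid record

if __name__ == "__main__":
    for data, err in sorted(fuzz(parse_record, SEED).items()):
        print(f"{err}: {data.hex()}")
```

Each logged input is a reproducer: feeding it back to `parse_record` triggers the same error, which is what lets the developer add the bounds check and keep the input as a regression test.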

Origin

The first fuzzer was written in the early 1980s by developer Steve Capps to test for weaknesses in programs for the Macintosh computer. He called his program “The Monkey,” referring to the classic adage of a monkey pressing random keys on a typewriter indefinitely. The theory is that given enough time, the monkey will eventually write the complete works of Shakespeare. Although this approach to software testing is often called “fuzzing,” it is also called “monkey testing” because of Capps’ program.

List of fuzzers

Fuzzing techniques help with software testing, and many fuzzers exist for specific purposes.

The following is a list of fuzzers, most of them open-source and many still in active development.

The following are fuzzing harnesses, or frameworks, which help you manage your fuzz testing.

  • AddressSanitizer, which detects memory address errors in C and C++ programs.
  • LeakSanitizer, which detects memory leaks.
  • ThreadSanitizer, which detects race conditions in C++ and Go.
  • MemorySanitizer, which detects uninitialized memory.
