Fuzz Testing

Fuzz testing is a software testing technique in which an automated program generates unexpected or random input and feeds it to the software under test. The technique is effective at discovering security vulnerabilities that stem from improper handling of user input, missing data validation, and weak error handling.

Web applications are particularly well suited to fuzz testing, which is why fuzzers are used extensively by automated web application vulnerability scanners and similar tools. Fuzzing a web application usually follows these steps:

  1. The application is spidered/crawled and all forms, links and calls to services are extracted.
  2. The fuzzer creates various test cases based on the discovered data.
  3. An analyzer observes the fuzzing run, watching the target for interesting behavior.

The quality of the fuzz test depends entirely on the fuzzer's ability to produce interesting input and on the analyzer's effectiveness at detecting abnormal behavior. The discovery of interesting test cases, which is the job of the spider/crawler, is also very important for achieving complete coverage.
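The three steps above, and the point that the result depends on input generation and on the analyzer, can be seen in a minimal harness. The following is an added example, not code from the original page: the "crawled" forms, the seed values, the `toy_handler` target and its deliberate input-handling defect are all constructed so that the harness runs offline; a real run would crawl a live application and send HTTP requests instead of calling a local function.

```python
"""Minimal fuzzing harness: crawl output -> test cases -> analyzer.

Added example. DISCOVERED_FORMS, SEED_VALUES and toy_handler are constructed
stand-ins for a crawler's output and for the application under test.
"""
import random
import string
from dataclasses import dataclass

# Step 1: constructed crawler output (form actions and their input fields).
DISCOVERED_FORMS = [
    {"action": "/login", "fields": ["username", "password"]},
    {"action": "/search", "fields": ["q", "page"]},
]

# Step 2: seed inputs covering empty, boundary, oversized and metacharacter cases.
SEED_VALUES = ["", "a", "0", "-1", "2147483648", "A" * 4096,
               "%s%n", "\x00", "<>&\"'", "../", "ü" * 16]


def mutate(value, rng):
    """Apply one random mutation to a seed value."""
    ops = [
        lambda s: s * rng.randint(2, 32),                              # repeat
        lambda s: s + rng.choice(string.printable),                    # append junk
        lambda s: s[: len(s) // 2],                                    # truncate
        lambda s: "".join(chr(rng.randint(0, 255)) for _ in s) or "\x01",  # byte soup
    ]
    return rng.choice(ops)(value)


def generate_test_cases(form, rng, count=25):
    """Yield (action, params) test cases for one discovered form."""
    for _ in range(count):
        params = {}
        for name in form["fields"]:
            value = rng.choice(SEED_VALUES)
            if rng.random() < 0.5:
                value = mutate(value, rng)
            params[name] = value
        yield form["action"], params


# Constructed target: stands in for the web application under test.
# It contains one deliberate input-handling defect in /search.
def toy_handler(action, params):
    """Return (status, body) the way an HTTP endpoint would."""
    if action == "/login":
        if not params.get("username"):
            return 400, "username required"
        return 200, "login ok"
    if action == "/search":
        page = int(params.get("page", "1"))   # defect: no validation, ValueError on junk
        if len(params.get("q", "")) > 1000:
            return 500, "internal error"      # oversized query surfaces as a server error
        return 200, f"page {page} of results"
    return 404, "not found"


@dataclass
class Finding:
    action: str
    params: dict
    kind: str      # "exception" or "server_error"
    detail: str


# Step 3: the analyzer watches each test case for abnormal behaviour.
def run_case(handler, action, params):
    """Run one test case; return a Finding on abnormal behaviour, else None."""
    try:
        status, body = handler(action, params)
    except Exception as exc:                     # unhandled crash in the target
        return Finding(action, params, "exception", f"{type(exc).__name__}: {exc}")
    if status >= 500:                            # server-side error leaked to the client
        return Finding(action, params, "server_error", f"HTTP {status}: {body}")
    return None


def run_fuzz(handler, forms, seed=0, count=25):
    """Fuzz every discovered form; return the list of findings."""
    rng = random.Random(seed)
    findings = []
    for form in forms:
        for action, params in generate_test_cases(form, rng, count):
            finding = run_case(handler, action, params)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in run_fuzz(toy_handler, DISCOVERED_FORMS):
        print(f.kind, f.action, f.detail[:60], repr(f.params)[:80])
```

The analyzer here only recognises two signals, an unhandled exception and a 5xx status; anything the target does wrong without producing one of those (a silent wrong answer, a slow response, a log line) goes unnoticed, which is the analyzer limitation the text describes. Likewise, a form the crawler never found is never fuzzed, and a defect reachable only through an input not covered by the seeds or mutations is never triggered. Fixing the seed makes a run reproducible so that a finding can be replayed.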

Fuzzing is an art in its own right, and there are many books dedicated specifically to the subject.