An Introduction to Software Fuzzing

In thinking about the true nature of software testing, what are we trying to achieve?, asked Justin Reock in a recent article for Jaxenter.

“At the most granular level, we are trying to take the software down as many code execution paths as possible, and we are monitoring the behavior of the application to see how it behaves along those paths,” says Reock, who is Chief Architect for OpenLogic at Perforce Software and author of a chapter about software fuzzing in a new book from Perforce Software, called Accelerating Software Quality: Machine Learning & Artificial Intelligence in the Age of DevOps. In the article, Reock explains the idea of software fuzzing and why it’s important. 

Many approaches to software testing “have formed out of a will to eliminate as much as possible the bias of the human tester,” he says. “One of those approaches is the notion of software fuzzing. With fuzzing, the goal is to take the software down unexpected paths by hammering it with random, unexpected input. The state of the program is captured and analyzed, and if the software reacts in a way that wasn’t intended by the developer, the input is said to have triggered an “interesting state.” 

Furthermore, Reock notes, specific kinds of software fuzzers lend themselves to creating feedback loops. “For instance, if we find a piece of input that generates an interesting state, we can look at characteristics of that input to try and find other, potentially similar kinds of input that could generate even more interesting states.”

Read the complete article at Jaxenter.