Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.
Fuzz testing is often used in large software development projects that employ black-box testing . These projects usually have a budget to develop test tools, and fuzz testing is one of the techniques which offers a high benefit to cost ratio.
However, fuzz testing is not a substitute for exhaustive testing or formal methods : it can only provide a random sample of the system's behavior, and in many cases passing a fuzz test may only demonstrate that a piece of software can handle exceptions without crashing, rather than behaving correctly. Thus, fuzz testing can only be regarded as an assurance of overall quality rather than a bug-finding tool.
As a gross measurement of reliability, fuzzing can suggest which parts of a program should get special attention, in the form of a code audit , application of static analysis , or partial rewrites .
Fuzz testing,中文可以翻译为模糊测试 ,简单的说来就是构造一些random或者unexpected的数据作为程序的输入,观察程序在这种情况下的工作 状况。Fuzz testing是检查程序容错性的一个重要的测试手段。
转自这里
发表评论
-
QA Basic --- Sanity testing
2010-11-26 15:35 1121A sanity test or sanity check i ... -
Basic -- Software quality assurance
2010-11-16 15:40 0Software quality assurance 不但在软 ... -
Basic QA --- Monkey testing
2010-11-16 15:25 1121In computer science, a monkey t ... -
[Auto-Selenium]Selenium
2010-11-10 13:51 0What is Selenium? Selenium ... -
浏览器代理设置
2010-10-25 17:44 750Chrome Tool menu/Options/Under ... -
Basic --- Alpha和Beta测试简介
2010-09-06 17:24 770大型通用软件,在正式 ... -
常用测试工具
2010-07-28 10:31 0Test Director TestDirector是M ... -
[LoadRunner]基本概念
2010-07-23 09:02 9291, .lrs 场景文件(Senaro):描述虚拟用户是按什 ... -
[白盒]代码测试工具EMMA
2010-06-28 13:14 0http://emma.sourceforge.net/ -
[LoadRunner]压力测试
2010-06-01 14:38 0启动rstatd服务,以便使用LoadRunner工具来监视L ... -
[工作日志]人员管理--20100514
2010-05-14 15:45 01,及时了解member状态: what does she/ ... -
Basic --- Sanity testing
2010-05-13 16:01 642In computer science, a sanity t ... -
[Tool]MRTG使用及分析
2010-05-12 10:28 0校園網路防火牆 ISG-2000 Session 負載統計 ... -
Basic -- Ad hoc testing
2010-05-11 14:38 703Ad hoc testing is a commonly ... -
[工作日志]月会---管理心得
2010-05-10 13:29 0OE QA Meeting - May 1, 重点不够突出 ... -
[转]Scrum方法二十问
2010-04-06 10:47 1208Scrum作为敏捷方法之 ... -
敏捷宣言
2010-03-31 15:46 942《敏捷宣言》 个 ... -
RC(Release candidate)
2010-03-31 10:36 784Release candidate The term ... -
Mac - Selenium RC + Hudson + Maven
2010-03-29 20:29 01,下载tomcat 的 tar.gz 2,解压缩到某处 ... -
软件工程的三段论起源及发展趋势etc
2010-03-16 14:30 0软件工程的三段论起源及发展趋势 转自: http://www ...
相关推荐
OSS-Fuzz:开源软件的连续模糊测试 是一种用于发现软件编程错误的众所周知的技术。 其中许多可检测到的错误(例如)可能会带来严重的安全隐患。 通过部署 Google已经发现了的安全漏洞和稳定性错误,我们现在希望与...
OSS-Fuzz漏洞这是用于记录公开的漏洞的存储库,并且充当OSS-Fuzz漏洞的真相来源。 每个OSS-Fuzz漏洞都有由OSV添加的精确受影响的版本和提交版本信息。 用户可以在此处提交PR来更新任何信息。格式规格格式描述。 请...
开源项目-dvyukov-go-fuzz.zip,dvyukov/go-fuzz: fuzzer for Go libraries
OSS-FuzzOSS-Fuzz 能够针对开源软件进行持续的模糊测试,它的目的是利用更新的模糊测试技术与可拓展的分布式执行相结合,提高一般软件基础架构的安全性与稳定性。OSS-Fuzz 结合了多种模糊测试技术/漏洞捕捉技术(即...
文件上传时,文件名的fuzz模糊测试,可以利用脚本生成大量测试名,可以用burpsuite进行测试。
OSS-Fuzz-开源软件的连续模糊测试状态:Beta。 我们正在准备将该项目公开发布。 常见问题| 理想的模糊集成| 新项目指南| 重现错误 项目| 项目发行时间T OSS-Fuzz-开源软件的连续模糊测试状态:Beta。 我们正在准备将...
Fuzz testing o fweb applications
在Kali(2018.2)上构建afl-fuzz(-Q模式) 版本: kali-linux-2018.2-amd64 afl-2.52b 没有补丁会抛出这样的错误: static int memfd_create(const char *name, unsigned int flags) ^~~~~~~~~~~~ In file ...
浅析Peach-Fuzz.pdf
JSON :: Fuzz :: Generator 从JSON模式模糊参数生成器安装将此行添加到您的应用程序的Gemfile中: gem 'json-fuzz-generator' 然后执行: $ bundle 或将其自己安装为: $ gem install json-fuzz-generator用法输入...
Fuzz-Testing-Lab:在易受攻击的字符串实用程序上使用American Fuzzy Lop(AFL)执行了模糊测试
1995_第一次提出fuzz概念fuzz-revisited1
cargo-fuzz:用于模糊测试的命令行助手
INSERT DESIGNATOR, IF NEEDEDFuzzing(模糊测试)Fuzzing is an automated softwaretesting