The idea of throwing random test data at a program to see if it cracks has been around in one form or another since the beginning of software development. A formalized approach called fuzzing, based on Professor Barton Miller's work at the University of Wisconsin in the late 1980s, is undergoing a revival as a means of testing …
Fuzzing is quite good fun
Yeah it has been around for quite sometime - and it is just automated testing really on all the different input levels.
But, it allows you to bring in some rather esoteric computer science techniques, so genetic algorithms can be useful, libraries of old exploits can be abstracted and detection of compromise honed.
With the improvement in computing speeds and parallel computing it becomes more powerful day by day.
The Fuzzing book is ok, but I do think they hold back a bit and some of their conclusions early on are more rule of thumb just waiting to be broken, but still an excellent read.
Obviously the logical move from fuzzing is back to ideas such as Z and formal specification where the program has to be mathematically proven to work, though oddly no one often wants to pay for that style of work, maybe fuzzing will make that side of things more appealing.
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Kaspersky backpedals on "done nothing wrong, nothing to fear" company article