The idea of throwing random test data at a program to see if it cracks has been around in one form or another since the beginning of software development. A formalized approach called fuzzing, based on Professor Barton Miller's work at the University of Wisconsin in the late 1980s, is undergoing a revival as a means of testing …
Fuzzing is quite good fun
Yeah, it has been around for quite some time - and it is just automated testing really, on all the different input levels.
But, it allows you to bring in some rather esoteric computer science techniques, so genetic algorithms can be useful, libraries of old exploits can be abstracted and detection of compromise honed.
With the improvement in computing speeds and parallel computing it becomes more powerful day by day.
The Fuzzing book is OK, but I do think they hold back a bit, and some of their conclusions early on are more rules of thumb just waiting to be broken, but still an excellent read.
Obviously the logical move from fuzzing is back to ideas such as Z and formal specification where the program has to be mathematically proven to work, though oddly no one often wants to pay for that style of work, maybe fuzzing will make that side of things more appealing.
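The "throw random data at it and keep what gets further" idea described in the article teaser and the comment above, as an added worked example that is not from the article, the commenter or any named fuzzing tool. The target `parse_record`, its record format, and the helper names are all constructed for illustration; the bug is a trusted length field that lets the checksum read run past the buffer, and the fuzzer keeps any mutated input that reaches a branch not seen before (the simple evolutionary selection the comment alludes to).

```python
import random
from typing import Callable, Dict, List, Optional, Set, Tuple

COVERAGE: Set[str] = set()  # branch labels hit during one run of the target


def parse_record(data: bytes) -> Optional[bytes]:
    """Constructed target: [0x7F][len][payload...][checksum].
    Defect: `length` is trusted, so the checksum read can go out of bounds."""
    if len(data) < 2:
        COVERAGE.add("short")
        return None
    if data[0] != 0x7F:
        COVERAGE.add("bad_magic")
        return None
    length = data[1]
    payload = data[2:2 + length]
    COVERAGE.add("len_zero" if length == 0 else "len_nonzero")
    if data[2 + length] != sum(payload) % 256:  # IndexError when length lies
        COVERAGE.add("bad_checksum")
        return None
    COVERAGE.add("ok")
    return payload


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, byte replace, byte insert or byte delete."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def reproduces(target: Callable[[bytes], object], data: bytes) -> Optional[str]:
    """Replay one input and report the exception type it raises, if any."""
    try:
        target(data)
        return None
    except Exception as exc:
        return type(exc).__name__


def fuzz(target: Callable[[bytes], object], seeds: List[bytes],
         iterations: int = 3000, seed: int = 1) -> Tuple[Dict[str, bytes], List[bytes]]:
    """Coverage-guided mutation fuzzing; returns first crash per exception type and the grown corpus."""
    rng, corpus, seen = random.Random(seed), list(seeds), set()
    crashes: Dict[str, bytes] = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        COVERAGE.clear()
        name = reproduces(target, candidate)
        if name is not None:
            crashes.setdefault(name, candidate)  # keep the first reproducer
        elif not COVERAGE <= seen:  # new branch reached: keep it for further mutation
            seen |= COVERAGE
            corpus.append(candidate)
    return crashes, corpus


VALID = bytes([0x7F, 3]) + b"abc" + bytes([sum(b"abc") % 256])  # constructed seed
```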