The idea of throwing random test data at a program to see if it cracks has been around in one form or another since the beginning of software development. A formalized approach called fuzzing, based on Professor Barton Miller's work at the University of Wisconsin in the late 1980s, is undergoing a revival as a means of testing …
Fuzzing is quite good fun
Yeah it has been around for quite sometime - and it is just automated testing really on all the different input levels.
But, it allows you to bring in some rather esoteric computer science techniques, so genetic algorithms can be useful, libraries of old exploits can be abstracted and detection of compromise honed.
With the improvement in computing speeds and parallel computing it becomes more powerful day by day.
The Fuzzing book is ok, but I do think they hold back a bit and some of their conclusions early on are more rule of thumb just waiting to be broken, but still an excellent read.
Obviously the logical move from fuzzing is back to ideas such as Z and formal specification where the program has to be mathematically proven to work, though oddly no one often wants to pay for that style of work, maybe fuzzing will make that side of things more appealing.
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Feature Be your own Big Brother: Monitoring your manor, the easy way
- Boffins say they've got Lithium batteries the wrong way around
- In a spin: Samsung accuses LG exec of washing machine SABOTAGE
- Phones 4u slips into administration after EE cuts ties with Brit mobe retailer