From the course: CISSP Cert Prep (2021): 8 Software Development Security

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Fuzz testing

Fuzz testing

From the course: CISSP Cert Prep (2021): 8 Software Development Security

Start my 1-month free trial

Fuzz testing

- [Instructor] Fuzz testing or fuzzing is a very important software testing technique. Fuzzing provides many different types of valid and invalid input to software. And in an attempt to make that software enter an unpredictable state or disclose confidential information. Fuzzing works by automatically generating input values and feeding them to the software package. Fuzzing can use different input sources. The developer running a test can supply a long or short list of input values, or they can write a script that generates those input values. The fuzz testing package can generate input values randomly or from a specification using a technique known as generation fuzzing or the fuzz testing package can analyze real input and then modify those real values in an approach known as mutation fuzzing. Let's take a look at an example of fuzz testing. We'll use the Zed application proxy or ZAP available for free from the Open Web…

Contents