Issue No.02 - March/April (2005 vol.3)
Peter Oehlert , Microsoft
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.55
Boundary conditions are important because significant subsets of boundary condition failures are security failures. As such, the boundary conditions we don't test today are the security patches we'll have to issue tomorrow. An effective way to limit border vulnerabilities is ttesting via fuzzing. This highly automated testing technique can cover large numbers of boundary cases using invalid data (from files, network protocols, and other targets) as application input. This article shows how fuzzing often works well when techniques such as functional testing would be cost prohibitive.
fuzzing, software testing, boundary conditions, completeness testing, comprehensive negative testing, quality assurance
Peter Oehlert, "Violating Assumptions with Fuzzing", IEEE Security & Privacy, vol.3, no. 2, pp. 58-62, March/April 2005, doi:10.1109/MSP.2005.55