Violating Assumptions with Fuzzing

Peter Oehlert

doi:10.1109/MSP.2005.55

Security&Privacy
2005
Issue No. 2 - March/April
Abstract - Violating Assumptions with Fuzzing

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Peter Oehlert

Violating Assumptions with Fuzzing

March/April 2005 (vol. 3 no. 2)

pp. 58-62

	ASCII Text	x
	Peter Oehlert, "Violating Assumptions with Fuzzing," IEEE Security & Privacy, vol. 3, no. 2, pp. 58-62, March/April, 2005.

	BibTex	x
	@article{ 10.1109/MSP.2005.55, author = {Peter Oehlert}, title = {Violating Assumptions with Fuzzing}, journal ={IEEE Security & Privacy}, volume = {3}, number = {2}, issn = {1540-7993}, year = {2005}, pages = {58-62}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2005.55}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Violating Assumptions with Fuzzing IS - 2 SN - 1540-7993 SP58 EP62 EPD - 58-62 A1 - Peter Oehlert, PY - 2005 KW - fuzzing KW - software testing KW - boundary conditions KW - completeness testing KW - comprehensive negative testing KW - quality assurance VL - 3 JA - IEEE Security & Privacy ER -

Peter Oehlert, Microsoft

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.55

Boundary conditions are important because significant subsets of boundary condition failures are security failures. As such, the boundary conditions we don't test today are the security patches we'll have to issue tomorrow. An effective way to limit border vulnerabilities is ttesting via fuzzing. This highly automated testing technique can cover large numbers of boundary cases using invalid data (from files, network protocols, and other targets) as application input. This article shows how fuzzing often works well when techniques such as functional testing would be cost prohibitive.

Index Terms:

fuzzing, software testing, boundary conditions, completeness testing, comprehensive negative testing, quality assurance

Citation:

Peter Oehlert, "Violating Assumptions with Fuzzing," IEEE Security & Privacy, vol. 3, no. 2, pp. 58-62, March-April 2005, doi:10.1109/MSP.2005.55

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.