15 vocabulary flashcards covering key fuzz testing concepts and tools.
Fuzz Testing
A dynamic testing technique that feeds invalid, unexpected, or random inputs to a program to uncover vulnerabilities; used to improve security and reliability.
Fuzzing
The process of applying fuzz testing by generating inputs to explore a program's response and reveal defects.
Mutation-Based Fuzzing
Alters existing valid inputs (e.g., bit flips, insertions, deletions, permutations) to create new test cases.
Generation-Based Fuzzing
Creates entirely new inputs from predefined specifications or models to explore targeted input space.
Random Fuzzing
Generates inputs randomly without patterns to broadly cover the input space, potentially missing edge cases.
Smart Fuzzing
Targeted fuzzing that follows predefined specifications or models to focus on specific program aspects.
Code Coverage
A measure of which parts of the program are exercised during testing, indicating test thoroughness.
Dynamic Analysis
Examines the program's behavior at run-time as it processes diverse inputs to detect crashes and vulnerabilities.
Feedback Loop
A cycle where fuzzing results inform and refine subsequent test cases and debugging efforts.
Machine Learning Integration
Using machine learning to guide test-case generation and improve fuzzing efficiency.
CI/CD Integration
Automating fuzz tests within the development pipeline for continuous security assessment.
AFL (American Fuzzy Lop)
A widely used open-source fuzzing tool that uses genetic algorithms to mutate inputs.
LibFuzzer
An in-process fuzzing framework within LLVM designed for C/C++ projects and easy integration.
AddressSanitizer (ASan)
A memory-safety tool that detects memory errors and is often used with fuzzing to identify issues.
OSS-Fuzz
Google's open-source fuzzing project that provides continuous fuzzing across many projects.