Secure Software Needs Careful Testing — And Lots Of It

Article by: Herbert H. Thompson
With fuzzing, we deliberately attack software with random data in search of unexpected responses

Software testing comes in many flavors. Unit testing analyzes individual components before they’re integrated into larger systems. System and integration testing checks that modules work together. Regression testing verifies that everything still works after a change is made to the code. And security testing checks that data is protected.

Tools such as source-code scanners, security-aware compilers, and application scanners help developers find vulnerabilities in code. And techniques like fuzz testing uncover inputs that can cause apps to behave badly.

With fuzzing, we deliberately attack software with random data in search of weaknesses and unexpected responses. Fuzz testing is particularly important in Web application development, and it’s playing a growing role in ensuring that “security quality” — the confidentiality, integrity, and availability of systems and data for users — is integrated into every phase of development.
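
A small mutation fuzzer shows the idea in practice. This is an added example, not code from the article; the record format, the parsers, and all names in it are constructed for illustration. It mutates one valid input and separates clean rejections from unexpected responses.

```python
import random

class RejectedInput(Exception):
    """The documented, expected way for the parser to refuse bad input."""

def parse_record(data: bytes) -> dict:
    """Constructed target: [1-byte key length][key][value...]."""
    if len(data) < 2:
        raise RejectedInput("record too short")
    key_len = data[0]
    # Planted defect: key_len is trusted and never compared with len(data).
    first_value_byte = data[1 + key_len]      # IndexError if key_len overruns
    return {"key": data[1:1 + key_len], "value0": first_value_byte}

def parse_record_checked(data: bytes) -> dict:
    """Same parser with the length field validated before use."""
    if len(data) < 2 or 1 + data[0] >= len(data):
        raise RejectedInput("length field exceeds record")
    return parse_record(data)

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random edits (overwrite, truncate, insert) to a valid seed."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1 and buf:
            del buf[rng.randrange(len(buf)):]
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Return {exception name: first input that triggered it}."""
    rng = random.Random(rng_seed)             # fixed seed so findings reproduce
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except RejectedInput:
            continue                          # clean rejection is correct behaviour
        except Exception as exc:              # anything else is an unexpected response
            findings.setdefault(type(exc).__name__, case)
    return findings

SEED = b"\x03key=v"                           # constructed valid record
```

Calling `fuzz(parse_record, SEED)` returns a reproducer for the unchecked length field, while `fuzz(parse_record_checked, SEED)` returns an empty dictionary.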


             
