Violating assumptions with fuzzing

Fuzzing, a highly automated testing technique that covers numerous boundary cases using invalid data as application input to better ensure the absence of exploitable vulnerabilities, is discussed. Fuzzing lets developers or quality assurance (QA) teams tests large numbers of boundary cases when doing so with techniques such as functional testing would be cost prohibitive. A fuzzer tool generates semivalid data, sends it to a target application for processing, and then observes the application to see if it fails as it consumes the data. Pattern-based fuzzers generally cost less to write than intelligent fuzzers, while providing results of a similar caliber.