If you develop software that may process untrusted inputs, you should use fuzzing.Fuzzing is an effective way to find security bugs in software, so much so that the Microsoft Security Development Lifecycle requires fuzzing at every untrusted interface of every product.Why should developers add fuzzing to their toolkit?
Thousands of security vulnerabilities in all kinds of software have been found using fuzzing. Over the last two decades, fuzzing has become a mainstay in software security. In the February 2020 issue of Communications of the ACM, Microsoft researcher Patrice Godefroid published a new review article entitled “Fuzzing: Hack, Art, and Science,” which presents an overview of the main automated testing techniques in use today for finding security vulnerabilities in software.įuzzing means automatic test generation and execution with the goal of finding security vulnerabilities.
0 kommentar(er)
