From the course: CompTIA Security+ (SY0-701) Cert Prep


Fuzz testing

- [Presenter] Fuzz testing, or fuzzing, is a very important software testing technique. Fuzzing provides many different types of valid and invalid input to software in an attempt to make that software enter an unpredictable state or disclose confidential information. Fuzzing works by automatically generating input values and feeding them to the software package. Fuzzing can use different input sources. The developer running a test can supply a long or short list of input values, or they can write a script that generates those input values. The fuzz testing package can generate input values randomly or from a specification, using a technique known as generation fuzzing, or the fuzz testing package can analyze real input and then modify those real values in an approach known as mutation fuzzing. Let's take a look at an example of fuzz testing. We'll use the Zed application proxy, or ZAP, available for free from the Open Web Application Security Project, OWASP. Here I am inside ZAP. I'm going…
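
The two input strategies described above, as an added example that is not part of the course material: a constructed length-prefixed record parser with a planted bug is fuzzed once by mutating a valid seed and once by generating records from the format. The record format and the names `parse_record`, `mutate`, `generate` and `fuzz` are assumptions made for illustration.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Constructed target: [length][payload...][checksum]; bad input raises ValueError."""
    if len(data) < 2:
        raise ValueError("too short")
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]  # planted bug: the length byte is trusted
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload

SEED = bytes([3, 1, 2, 3, 6])  # constructed valid record

def mutate(rng: random.Random) -> bytes:
    """Mutation fuzzing: start from real input and damage it."""
    buf = bytearray(SEED)
    op = rng.choice(("flip", "truncate", "insert"))
    if op == "flip":
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == "truncate":
        del buf[rng.randrange(len(buf) + 1):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def generate(rng: random.Random) -> bytes:
    """Generation fuzzing: build records from the format, probing boundary lengths."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(8)))
    declared = rng.choice((0, 1, len(payload), len(payload) + 1, 255))
    return bytes([declared]) + payload + bytes([sum(payload) % 256])

def fuzz(make_input, rounds=200, seed=1):
    """Feed inputs to the target; report every error other than the documented ValueError."""
    rng, findings = random.Random(seed), []
    for _ in range(rounds):
        data = make_input(rng)
        try:
            parse_record(data)
        except ValueError:
            pass  # documented rejection, not a finding
        except Exception as exc:  # unexpected state: keep the input and error type
            findings.append((data, type(exc).__name__))
    return findings

if __name__ == "__main__":
    for name, source in (("mutation", mutate), ("generation", generate)):
        print(name, "unexpected errors:", len(fuzz(source)))
```

Each finding keeps the exact input that triggered it, so the failure can be replayed against the parser after the length check is fixed.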
