From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Fuzz testing
From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
Fuzz testing
- [Instructor] Fuzz testing or fuzzing is a very important software security testing technique. Fuzzing provides many different types of valid and invalid input to software in an attempt to make it enter an unpredictable state or disclose confidential information. It works by automatically generating input values and feeding them to the software package. Fuzzing can use different input sources. The developer running the test can supply a long or short list of input values. The developer running the test can write a script that generates input values. The fuzz testing software can generate input values randomly or from a specification. This is known as generation fuzzing. Or the fuzz tester can analyze real input and then modify those real values. This is known as mutation fuzzing. Let's take a look at an example of fuzz testing. We'll use the Zed application proxy or ZAP, available for free from the Open Web…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.