Fuzz Testing for Fun and Profit
A software test is no better than the data that drives it. Fuzz testing is a great way to find buggy, exploitable, or otherwise bad code – and if you’re working with a native application that operates on file input, it’s a solved problem. Grab AFL or some other all-in-one suite, hit go, and profit! But what about web services? What about managed applications? For a service-based developer, fuzz testing your HTTP serving layer isn’t all that interesting if you’re running on the latest version of Apache. Fuzz testing your application along its interface boundaries, though? Very interesting – and not a problem that can be solved with an all-in-one suite off the shelf. In this technical talk, Melissa will demonstrate not just what fuzz testing is, but how to use it to test a service architecture at every level and interface. Using real-life examples and experience, she will demonstrate how easy it can be to integrate both mutation and generation fuzzing into an existing test strategy for services that operate at any scale – from micro to global. Every services developer should be able to feel confident not only that they’ve sanitized their inputs, but that they’ve been validated!