Steps Towards Fuzz Testing in Agile Test Automation

Steps Towards Fuzz Testing in Agile Test Automation

Pekka Pietikäinen (Oulu University Secure Programming Group, Oulu, Finland), Atte Kettunen (Oulu University Secure Programming Group, Oulu, Finland) and Juha Röning (Oulu University Secure Programming Group, Oulu, Finland)
Copyright: © 2016 |Pages: 15
DOI: 10.4018/IJSSE.2016010103
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Including and automating secure software development activities into agile development processes is challenging. Fuzz testing is a practical method for finding vulnerabilities in software, but has some characteristics that do not directly map to existing processes. The main challenge is that fuzzing needs to continue to show value while requiring minimal effort. The authors present experiences and practical ways to utilize fuzzing in software development, and generic ways for developers to keep security in mind.
Article Preview

2. Fuzzing

Fuzz testing originates from the late 1980's, when Professor Barton Miller discovered that modem line noise (i.e., a stream of random bits) could cause faults in commonly used UNIX tools, and began investigating the phenomenon (Miller, Fredriksen, & So, 1990). The work was continued at the Oulu University Secure Programming Group (OUSPG), where the PROTOS project developed methods for model-based robustness testing and enabling the industry themselves to find vulnerabilities (Kaksonen, 2001).

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017): 2 Released, 2 Forthcoming
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing