Tel: 03333 200 222
Email: [email protected]

What is Fuzzing in cyber security?

2 minute read
Fuzzing is a method of finding software vulnerabilities by providing unintended input to the target system and monitoring for abnormal results.
By, Jack Wong

Fuzzing in cyber security is a method of finding software vulnerabilities by providing unintended input to the target system and monitoring for abnormal results.

Detecting security vulnerabilities in software or computer systems is the main function of fuzzing. The core idea is to input automatically or semi-automatically generated random data into a program and monitor exceptions such as crashes and assertion failures.

Barton Miller of the University of Wisconsin in 1988 first proposed fuzzing. Their work not only uses random and unstructured test data, but also systematically uses a series of tools to analyse various software on different platforms. In addition, they disclosed the source code, testing process, and raw result data.

What is the purpose of fuzzing?

  • Find the most important security faults and vulnerabilities
  • Produces more effective results when combined with black box testing, beta testing, and other debugging techniques
  • Most cost-effective methods for identifying software vulnerabilities 

The Steps of Fuzzing in cyber security

  • Determine the target system
  • OK input
  • Create fuzzy data
  • Run tests with ambiguous data
  • Pay close attention to the performance of the system
  • Keep a defect log

Fuzzer example 

Fuzzers that modify existing data samples to generate new test data are called mutation-based fuzzers. This is the most straightforward technique, as it starts with an acceptable sample of the protocol and goes on to corrupt every byte or file.

A generative-based fuzzer creates new data from the model's input. It starts from scratch, generating input on demand.

The PROTOCOL-BASED-FUZZER, one of the most successful fuzzers, has comprehensive knowledge of the protocol format being tested. It requires inputting a series of specifications into the tool, adding irregularities to data content, sequences, etc. Grammar testing, robustness testing, and other terms are used to describe this process. The Fuzzer can create test cases from scratch and invalid inputs.

Types of bugs detected by Fuzzing in cyber security

  • Invalid InputsFuzzers are used for fuzzing to produce false inputs for testing error handling algorithms, which is critical for software that has no control over its inputs. Simple fuzzing is a technique for automating negative tests.
  • Correctness bugsCertain "correctness" issues can also be detected by fuzzing—for example, database corruption, insufficient search results, etc.

Fuzzing Tools in cybersecurity

  • Peach Fuzzer
  • Spike Proxy
  • Webscarab
  • OWASP WSFuzzer

Fuzzing is a type of software engineering used to identify defects in an application. Fuzzing does not ensure that all defects in a program are detected. However, a fuzz approach ensures that the application is resilient and secure, as it helps reveal the most common flaws.

More from Swiftcomm

Efficient and Affordable Fixed Cost IT Support in Peterborough: Your Solution for Seamless Tech Management
In today's fast-paced business world, technology plays a pivotal role in the success of organisations, regardless of their size. As companies increasingly rely on technology to streamline business operations, enhance customer experiences, and gain a competitive edge, reliable IT support has never been more critical. In this blog, we will explore the world of fixed cost IT support in Peterborough—a solution that offers efficiency and affordability for support specialists while ensuring seamless tech management for businesses.
Full Article
Addressing Diverse Industry Challenges: IT Support for SME London
The thriving business landscape of London comprises a diverse array of small and medium-sized enterprises (SMEs) spanning various industries, each with its own unique IT needs and challenges. From finance and healthcare to creative agencies and manufacturing businesses, the technology requirements can significantly differ. This is where IT support providers play a crucial role, offering tailored solutions to address the diverse industry challenges faced by SMEs in London. When it comes to IT support for SME London, these providers offer customized solutions that can help businesses thrive in this dynamic environment.
Full Article
Trusted by 100s of businesses already
Uniquely tailored approach
Outstanding customer service

Talk with us

We pride ourselves on being an honest trustworthy business communications provider
Call 03333 200 222 or if you would prefer us to call you.
Schedule a call
We love emails, to send us one use [email protected] or fill in our
Contact Form
Live Chat
Got a question? Our live chat is open and ready to assist
Chat Now
Contact a specialist