  1. What
    1. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program
      1. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks
    2. A black-box software testing technique that consists of finding implementation bugs by injecting malformed or semi-malformed data in an automated fashion
    3. Types of fuzzers
      1. generation-based or mutation-based, depending on whether inputs are generated from scratch or by modifying existing inputs
      2. dumb or smart depending on whether it is aware of input structure
      3. white-, grey-, or black-box, depending on whether it is aware of program structure
  2. Why
    1. prevent different kinds of bugs:
      1. detect memory related errors, such as buffer overflows and use-after-free
      2. detect race conditions and deadlocks
      3. detect undefined behavior
      4. detect memory leaks
      5. check control-flow integrity
    2. Advantages
      1. finds the most serious security faults or defects
      2. provides the best testing results
      3. one of the most cost-effective testing techniques
      4. identifies vulnerabilities that are prone to exploitation via buffer overflow, DoS (Denial of Service), SQL injection and cross-site scripting
      5. can completely shut down the opportunities an attacker would otherwise rely on
  3. When
    1. History
      1. originated at the University of Wisconsin-Madison in 1989 with Professor Barton Miller and his students
    2. as early as possible
    3. Continuous Fuzzing
  4. How
    1. A fuzzer is a program that automatically injects semi-random data into a program or stack and detects the bugs this triggers
    2. Attack types
      1. numbers (signed/unsigned integers, floats…)
      2. chars (URLs, command-line inputs)
      3. metadata: user-supplied text (e.g. ID3 tags)
      4. pure binary sequences
    3. A common approach to fuzzing
      1. “known-to-be-dangerous values” (fuzz vectors)
        1. for integers: zero, possibly negative or very big numbers
        2. for chars: escaped or interpretable characters and instructions (e.g. for SQL requests: quotes, commands…)
        3. for binary: random ones
    4. 5 Simple Steps
      1. Identify the target system and inputs
      2. Generate Fuzzed data
      3. Execute the test using the fuzzed data
      4. Monitor system behavior
      5. Log a defect for every vulnerability detected
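The five steps above, the "known-to-be-dangerous values" approach and the generation-based/mutation-based distinction from earlier in the outline, worked through as one runnable Python example. This is an added illustration, not code from any of the listed sources or tools: the target parse_records is a constructed toy parser for a length-prefixed record format, and INT_VECTORS and CHAR_VECTORS are assumed sample fuzz vectors, not a published list.

```python
"""Added example: a minimal generation+mutation fuzzer walking the five steps."""
import random
import struct
from dataclasses import dataclass
from typing import Dict, Optional


# Step 1: identify the target system and its inputs.
# Constructed toy target: parses "[u8 count] ([u16 length][payload])*".
# It trusts the count and length fields without checking them against the
# buffer, which is exactly the kind of defect a fuzzer should surface.
def parse_records(data: bytes) -> list:
    count = data[0]                                          # empty input -> IndexError
    offset = 1
    records = []
    for _ in range(count):
        (length,) = struct.unpack_from(">H", data, offset)  # past the end -> struct.error
        offset += 2
        payload = data[offset:offset + length]
        records.append(payload.decode("ascii"))              # non-ASCII -> UnicodeDecodeError
        offset += length
    return records


# Assumed sample fuzz vectors ("known-to-be-dangerous values").
INT_VECTORS = (0, 1, 0x7F, 0x80, 0xFF, 0x7FFF, 0x8000, 0xFFFF)
CHAR_VECTORS = (b"'", b'"', b"\x00", b"\n", b"%s", b"../", b"\xff")


def valid_seed() -> bytes:
    """A well-formed input: two records, 'hello' and 'abc'."""
    return bytes([2]) + struct.pack(">H", 5) + b"hello" + struct.pack(">H", 3) + b"abc"


# Step 2a: generation-based ("dumb": knows only the fixed field layout).
def generate_input(rng: random.Random) -> bytes:
    count = rng.choice(INT_VECTORS) & 0xFF
    length = rng.choice(INT_VECTORS)
    payload = rng.choice(CHAR_VECTORS) * rng.choice((0, 1, 8))
    return bytes([count]) + struct.pack(">H", length) + payload


# Step 2b: mutation-based, starting from a valid seed input.
def mutate(seed: bytes, rng: random.Random) -> bytes:
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "overwrite", "truncate", "insert"))
        if op == "flip" and data:
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)                 # single bit flip
        elif op == "overwrite" and len(data) >= 2:
            i = rng.randrange(len(data) - 1)
            data[i:i + 2] = struct.pack(">H", rng.choice(INT_VECTORS))  # plant an integer vector
        elif op == "truncate" and data:
            del data[rng.randrange(len(data)):]              # may leave an empty input
        elif op == "insert":
            i = rng.randrange(len(data) + 1)
            data[i:i] = rng.choice(CHAR_VECTORS)             # plant a char vector
    return bytes(data)


@dataclass
class Defect:
    exc_type: str   # e.g. "struct.error"
    input_hex: str  # the exact input that reproduces it


# Steps 3 and 4: execute the target on fuzzed data and monitor its behaviour.
def run_one(data: bytes) -> Optional[Defect]:
    try:
        parse_records(data)
    except Exception as exc:  # for a native target this would be a signal or sanitizer report
        return Defect(f"{type(exc).__module__}.{type(exc).__name__}", data.hex())
    return None


# Step 5: log one reproducer per distinct defect class.
def fuzz(iterations: int = 500, seed: int = 1) -> Dict[str, Defect]:
    rng = random.Random(seed)  # seeded so a run is reproducible
    base = valid_seed()
    found: Dict[str, Defect] = {}
    for i in range(iterations):
        data = generate_input(rng) if i % 2 == 0 else mutate(base, rng)
        defect = run_one(data)
        if defect is not None and defect.exc_type not in found:
            found[defect.exc_type] = defect
    return found


if __name__ == "__main__":
    for name, defect in fuzz().items():
        print(f"{name}: reproducer input = {defect.input_hex}")
```

Keeping the hex of every crashing input is what makes step 5 useful: each logged defect can be replayed through run_one on its own, and deduplicating by exception class keeps the log to one entry per bug rather than hundreds of near-identical crashes.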
    5. Use tools
      1. Burp Suite
      2. Spike Proxy
      3. Webscarab
      4. OWASP WSFuzzer
      5. AppScan
      6. https://blackarch.org/fuzzer.html
  5. Who
    1. Developers
    2. Testers
  6. Where
    1. Web apps
    2. Mobile apps
    3. Desktop apps
  7. Sources
    1. https://en.wikipedia.org/wiki/Fuzzing
    2. https://owasp.org/www-community/Fuzzing
    3. https://www.guru99.com/fuzz-testing.html
    4. https://medium.com/ouspg/fuzz-testing-beginners-guide-da2c9179caa7
    5. https://fuzzit.dev/
    6. https://www.softwaretestingclass.com/fuzz-testing/