Term:Fuzz Testing

From FISMApedia
Jump to: navigation, search

NIST SP 800-95

Fuzz Testing - Similar to fault injection in that invalid data is input into the application via the environment, or input by one process into another process. Fuzz testing is implemented by tools called fuzzers, which are programs or script that submit some combination of inputs to the test target to reveal how it responds. (Department of Homeland Security, Security in the Software Lifecycle: Making Software Development Processes-and Software Produced by Them-More Secure Version 1.0, https://buildsecurityin.us- cert.gov)