Fuzzing is a powerful tool that finds bugs in programs. Hackers regularly use fuzzing to discover software vulnerabilities on which to build their attacks. However, companies can also use fuzzing to find and fix vulnerabilities and thus improve the security of their software. Since both attackers and defenders have access to powerful IT resources, fuzzing has become an essential tool in the “arms race” between hackers and security experts.
In recent years, feedback-based fuzzing has been an unmatched success story. For example, over 27,000 bugs have been found in Google Chrome and several open-source projects. This infographic gives a broad overview of what fuzzing actually is and why you should use it in the SDLC. If you want to learn more about the underlying technology, read The Magic of Feedback-based Fuzzing.
Fuzzing can be very useful but it is not a panacea. Here are some of the advantages and disadvantages of feedback-based fuzzing:
Have you already tried to set up fuzzing for your project? Leave us a comment.