Look for the attack surface (inputs)
Generate fuzzed data for input
Execute test case
Monitor for exceptions
Take a successful test case as the sample case and corrupt some parts of it
Pros: easy to check whether the test succeeded, comparable results
Cons: not many results and low code-path entropy, since the corrupted data won't cover many code paths
Generate based on a data model.
Pros: more cases to test, more code paths to be covered.
Cons: infinite test cases at each stage of a code path.
Hard to generate for varied protocols.
Any fuzzing algorithm that actively reduces the testing state space
- focused on code path coverage
- adjustment after each round
Pros: automated, bounded time, more code coverage during testing
Limits: hard to implement
Test cases should be designed based on those mechanics
Just random input, zero consideration of the system
Delimiters, tags for markup languages, metacharacters, etc.
Custom grammar to generate the format
Given templates for a given test case
File format / header / frame / packets, etc.
Smarter decisions to reduce test cases
Try to look for the potential code path
gdb / strace
Time complexity - most cases its