There are two types of testing methodology:
- General testing (test cases are fixed)
- Spec-focused use cases
Fuzzing may find more bugs than all other forms of testing.
The main issue is verification (deciding whether each test case passed or failed):
- Hard to define the right output
- Hard to manage the side effects
- Hard to distinguish bugs from features
Three primary methods:
- Source code auditing (static/dynamic input)
  - White box testing
  - Requires source code
  - Needs compiler flags for this (e.g. buffer overflow detection)
- Reverse engineering (static input)
- Fuzzing (dynamic input)
  - Lots of tools/frameworks exist
  - It's not necessary to have source code; only a binary is fine
- Dynamic taint analysis / data flow (dynamic)
- Symbolic execution (dynamic)
Not all bugs are vulnerabilities.
Only exploitable bugs are vulnerabilities.
So look for exploitable bugs.
Fuzzing: a testing process that sends specific data to the app and tries to trigger certain responses.
Specific data includes:
- Mutated data, generational data, edge cases, unanticipated data types, etc.
Certain responses include:
- Crashes, errors, anomalous behavior, changed app states, etc.
It is effective because it can run 1000x more test cases than manual testing.
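As an added example (not part of the original notes), the following Python sketch puts the definition above into working code: a generational seed built from a format spec, a set of mutators (bit flips, edge-case bytes, insertion, truncation), and an oracle that separates expected rejections (a feature) from anomalous exceptions (a bug), which is the verification problem the notes describe. The target `parse_record`, its length-prefixed format, and the defect in it are all constructed for this example and stand in for "the app"; the names `run_case`, `mutate`, `make_record` and `fuzz` are this example's own.

```python
"""Minimal mutation fuzzer with a crash oracle (constructed example)."""
import random
import struct
import traceback
from collections import Counter


# --- Constructed toy target (hypothetical; stands in for "the app") ----------
def parse_record(data: bytes) -> dict:
    """Parse a record: 2-byte big-endian length, then `length` payload bytes."""
    if len(data) < 2:
        # Rejecting malformed input is a feature, not a bug.
        raise ValueError("record too short")
    (length,) = struct.unpack(">H", data[:2])
    payload = data[2 : 2 + length]
    # Constructed defect: trusts the declared length without checking that the
    # payload really is that long, so a lying length field raises IndexError.
    last = payload[length - 1]
    return {"length": length, "payload": payload, "last": last}


# --- Oracle: expected rejection vs. anomalous behaviour ----------------------
EXPECTED_ERRORS = (ValueError,)  # errors the spec says the app should raise


def run_case(target, data: bytes):
    """Run one test case; return (verdict, crash_signature_or_None)."""
    try:
        target(data)
        return "ok", None
    except EXPECTED_ERRORS:
        return "expected_error", None
    except Exception as exc:  # anything unexpected is recorded as a crash
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return "crash", f"{type(exc).__name__} in {frame.name}:{frame.lineno}"


# --- Mutators: mutated data and edge cases -----------------------------------
EDGE_BYTES = [0x00, 0x01, 0x7F, 0x80, 0xFF]


def flip_bit(data: bytearray, rng: random.Random) -> None:
    i = rng.randrange(len(data))
    data[i] ^= 1 << rng.randrange(8)


def edge_byte(data: bytearray, rng: random.Random) -> None:
    data[rng.randrange(len(data))] = rng.choice(EDGE_BYTES)


def insert_byte(data: bytearray, rng: random.Random) -> None:
    data.insert(rng.randrange(len(data) + 1), rng.choice(EDGE_BYTES))


def truncate(data: bytearray, rng: random.Random) -> None:
    del data[rng.randrange(len(data)):]


MUTATORS = [flip_bit, edge_byte, insert_byte, truncate]


def mutate(seed: bytes, rng: random.Random, max_ops: int = 3) -> bytes:
    """Apply 1..max_ops random mutations to a seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, max_ops)):
        if not data:  # nothing left to mutate
            break
        rng.choice(MUTATORS)(data, rng)
    return bytes(data)


def make_record(payload: bytes) -> bytes:
    """Generational seed: a well-formed record built from the format spec."""
    return struct.pack(">H", len(payload)) + payload


def fuzz(target, seeds, iterations: int = 500, seed: int = 1):
    """Return (verdict counts, {crash signature: first input that hit it})."""
    rng = random.Random(seed)  # fixed seed so a run is reproducible
    stats = Counter()
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        verdict, sig = run_case(target, case)
        stats[verdict] += 1
        if verdict == "crash":
            crashes.setdefault(sig, case)  # de-duplicate by signature
    return stats, crashes


if __name__ == "__main__":
    seeds = [make_record(b"abc"), make_record(b"hello")]
    stats, crashes = fuzz(parse_record, seeds, iterations=1000)
    print(dict(stats))
    for sig, case in crashes.items():
        print(sig, case)
```

Keying the crash table on exception type plus the failing function and line is what keeps a run manageable: thousands of inputs collapse into a handful of distinct defects, and the `ok` / `expected_error` split is the explicit answer to "is this a bug or a feature" for the one format the oracle understands.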