Introducing FuzzQual: Benchmarks For Testing, Verification, and Compliance

10/31/2016

Introducing FuzzQual: Benchmarks For Testing, Verification, and Compliance

How much fuzz testing is ‘enough?’ We set out to answer this question by leveraging our years of experience in developing the world’s most advanced fuzz testing platform. Now, we’re thrilled to share the news: the Peach Fuzzer team has established a set of standardized fuzz testing benchmarks known as the FuzzQual Testing Framework.

With FuzzQual, vendors can leverage industry-leading security guidelines as a competitive advantage when demonstrating the quality of their solutions!

Setting the Standard for Fuzz Testing:

We developed the FuzzQual Testing Framework after a rigorous analysis of current fuzz testing efforts and consultation with industry experts. Through that process, we identified four key factors that inform fuzz testing and quality assurance:

  1. Complexity of the test target
  2. Frequency of testing
  3. Maturity of development process
  4. Desired QA goal

Using these key factors, Peach Fuzzer developed two sets of benchmarks to address the diverse needs of multiple communities.

The First Step: How Many Test Cases?

Determining the optimal number of test cases is easy with the FuzzQual Testing benchmark. It features four levels of fuzz testing matched to general product needs and typical development cycles.

With this formalized guidance, QA teams and security testers have the benefit of standardized and consistent testing across releases, and a robust framework for regression testing. Our FuzzQual Testing Levels help these product testers find the right fuzzing fit for their development lifecycle, whether the test target is a weekly build or a critical component with a mature security profile.

Step Two: Trust, But Verify

Taking it a step further, we designed the FuzzQual Verification benchmark to offer higher levels of assurance and compliance for same-in-class solutions. By setting a minimum number of test cases between failures at corresponding levels of fuzzing, FuzzQual Verification offers vendors a rigorous evaluation of software quality that’s comparable between competing solutions. These Verification Levels can be assessed and certified by a third party.

Gain Competitive Advantage

The bottom line is that we made it easy to understand how much fuzz testing is ‘enough’ for your product. Since fuzzing is one of the most efficient ways to reveal unknown vulnerabilities and potential zero-days, FuzzQual is ideal for organizations seeking a consistent and measurable standard for conducting automated security testing.

Demonstrate the security quality of your solution by learning more and make sure you’re meeting FuzzQual testing and verification standards.

Top