What is Fuzz Testing?

08/24/2018

There’s an old adage about an infinite number of monkeys given an infinite amount of time being able to write Shakespeare. At the risk of mixing metaphors, you might think about fuzz testing as an infinite number of monkeys trying to hack a computer.

When a program like Peach Fuzzer “fuzzes,” it delivers random and malformed inputs into the target it’s trying to hack in an attempt to expose vulnerabilities in the code. These inputs are designed to be something a human may not think to do by themselves, either because it is seemingly illogical or time-consuming (often both). After all, hacks by bad actors are not always done by human hands alone. But the illogical and random nature of these inputs doesn’t mean they are inherently unsuccessful; the point is that they are just logical enough to not get immediately denied by a system (e.g. “this password format is incorrect—passwords must contain at least one letter and one number”), but illogical enough that they can expose vulnerabilities in technologies that would be difficult or functionally impossible for humans to manually find. Attackers frequently use fuzzing to uncover zero-day vulnerabilities in technologies, so it’s important to use it as a line of defense against them.
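The "just logical enough" point can be seen in a small experiment, added here as an illustration (it is not Peach Fuzzer code and does not use its API). The record format, `parse_record`, and its deliberate length-handling defect are constructed for this example: blind random bytes are all refused at the header check, while single-byte mutations of a valid sample get past validation and reach the defect.

```python
import random

MAGIC = b"FZ1"  # constructed toy format: MAGIC | length byte | payload

class Rejected(ValueError):
    """Input refused cleanly by the target's validation."""

def parse_record(data: bytes) -> bytes:
    """Hypothetical target with a deliberate defect: it trusts the length byte."""
    if len(data) < 4 or data[:3] != MAGIC:
        raise Rejected("bad header")
    declared = data[3]
    # Defect: nothing checks that `declared` payload bytes are actually present,
    # so a too-large length raises an unhandled IndexError (our "crash").
    return bytes(data[4 + i] for i in range(declared))

def random_input(rng, size=12):
    """Blind strategy: bytes with no relation to the format."""
    return bytes(rng.randrange(256) for _ in range(size))

def mutate(rng, sample: bytes) -> bytes:
    """Mutation strategy: overwrite one byte of a valid sample."""
    buf = bytearray(sample)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def run_campaign(make_input, iterations=2000):
    """Feed generated inputs to the target and classify each outcome."""
    stats = {"rejected": 0, "accepted": 0, "crashes": 0, "first_crash": None}
    for _ in range(iterations):
        data = make_input()
        try:
            parse_record(data)
            stats["accepted"] += 1
        except Rejected:
            stats["rejected"] += 1
        except Exception:  # anything else is a finding worth triaging
            stats["crashes"] += 1
            stats["first_crash"] = stats["first_crash"] or data
    return stats

def compare(seed_value=1234):
    """Run both strategies from the same RNG seed for a reproducible comparison."""
    valid = MAGIC + bytes([8]) + b"ABCDEFGH"  # constructed well-formed sample
    blind_rng = random.Random(seed_value)
    blind = run_campaign(lambda: random_input(blind_rng))
    guided_rng = random.Random(seed_value)
    guided = run_campaign(lambda: mutate(guided_rng, valid))
    return blind, guided

if __name__ == "__main__":
    for name, stats in zip(("blind", "mutated"), compare()):
        print(name, stats)
```

Fixing the seed makes a crashing input reproducible, which is what turns a fuzzer finding into a bug report a developer can act on.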

This is especially true for technologies developed and maintained in agile development frameworks. A major benefit of fuzz testing is that it’s automated; humans are required for setup, ongoing configuration, and bug remediation, but fuzzers do the core security testing processes themselves. Fuzzers do not replace the work of manual penetration testers; they complement them. Human pen testers dig deep using human ingenuity and our natural ability to problem-solve—but at a human pace. Fuzzers work at inhuman speeds to cover a broad area at a cheaper hourly rate.

What is Peach Fuzzer?

Peach Fuzzer is a unique fuzz testing system. There is a wide range of both open-source and commercial fuzzers, but most are designed for niche use cases. Peach Fuzzer is one of the few that provides both the comprehensive test coverage and high level of customization needed by organizations. Since its initial creation over 10 years ago, Peach Fuzzer has been in continual development, expanding its out-of-the-box protocol support coverage and scope of feature sets. And it’s not just standard desktop and server software that Peach can fuzz: there’s been a massive increase in connected systems being used in industries like automotive, building automation, and medical devices. This has in turn increased the need for a fuzz testing program for any organization developing technologies. Some of the reasons you should consider using Peach instead of another kind of fuzzer include:

  • Flexible – you pay for only what you use
  • Immediately test over 100 standard protocols and file formats
  • Extensive customization options so you can test unique or proprietary systems
  • Technical support and training from industry-leading engineers who have collectively spent decades designing and developing fuzz testing tools

For more information about the power of Peach, contact sales@peach.tech
