Over the last decade, there’s been an uptick in progressive Silicon Valley tech behemoths adopting an application security testing technique called continuous fuzzing. While effective, fuzzing largely remains a hidden secret to the larger developer and security communities.
How many potholes did you encounter on your way into work today? How many of them did you report to the city?
In my previous post, we covered using bncov to do open-ended coverage analysis tasks to inform our testing. This time we’ll take a look at how to write better tests in the form of harness programs (also known as fuzz drivers, programs written to exercise specific parts of the code) that we will use for fuzz testing.