OSNews:

OSNews: http://www.osnews.com/story/18389/Mozilla_Releases_Browser_Testing_Tools Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Tue, 10 Nov 2009 05:44:38 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Fuzzing == testing http://osnews.com/thread?260646 http://osnews.com/thread?260646 fuzzing, aka. sending random improper data at a piece of code to see if it handles it correctly.
aka. normal proper testing Fri, 03 Aug 2007 16:15:00 GMT donotreply@osnews.com (jessta) Comments Not bad http://osnews.com/thread?260663 http://osnews.com/thread?260663 From another article:
Ruderman claimed that in its brief existence jsfunfuzz (the js fuzzer) has already found 280 bugs in Firefox, 27 of which were exploitable. Fri, 03 Aug 2007 16:51:00 GMT donotreply@osnews.com (smitty) Comments RE: Fuzzing == testing http://osnews.com/thread?260684 http://osnews.com/thread?260684 "aka. normal proper testing"

In an ideal world yes, in the real world no: nearly all the unit test I've seen check the behaviour of the application when given "normal" data.

Given this, it makes sense to use another name for 'security testing' where you're explicity testing the application against a cracker.

Of course 'security testing' is not restricted to fuzzing.. Fri, 03 Aug 2007 17:55:00 GMT donotreply@osnews.com (renox) Comments Sounds nice... http://osnews.com/thread?260686 http://osnews.com/thread?260686 ...anyone know where to download these tools from? Fri, 03 Aug 2007 18:00:00 GMT donotreply@osnews.com (robinh) Comments RE: Sounds nice... http://osnews.com/thread?260691 http://osnews.com/thread?260691 https://bugzilla.mozilla.org/show_bug.cgi?id=jsfunfuzz Fri, 03 Aug 2007 18:10:00 GMT donotreply@osnews.com (AxiomShell) Comments Memory leaks http://osnews.com/thread?260771 http://osnews.com/thread?260771 Maybe this will help them find all the memory leaks?
One can hope. Sat, 04 Aug 2007 02:24:00 GMT donotreply@osnews.com (RawMustard) Comments RE: Memory leaks http://osnews.com/thread?260785 http://osnews.com/thread?260785 In case you were actually being serious, no this will not help find memory leaks.

I'm pretty sure that was supposed to be sarcasm.
They're working on them, and the goal is for the next version to be completely free. One of the developers recently took Firefox3 to the 500 most popular internet sites, and there was only 1 leak (which was immediately fixed). Of course, he didn't do any navigation inside the sites, only going to the main page. But that is still pretty good. Sat, 04 Aug 2007 05:07:00 GMT donotreply@osnews.com (smitty) Comments RE[2]: Fuzzing == testing http://osnews.com/thread?260973 http://osnews.com/thread?260973

In an ideal world yes, in the real world no: nearly all the unit test I've seen check the behaviour of the application when given "normal" data.

I've found that to be the case even when testing web-based forms. Ten percent of the time is spent making sure the forms work when users fill them out correctly; the other ninety percent of the time is occupied by making sure there is proper error-handling when users enter information incorrectly. Sun, 05 Aug 2007 08:06:00 GMT donotreply@osnews.com (StephenBeDoper) Comments RE: Sounds nice... http://osnews.com/thread?261147 http://osnews.com/thread?261147 One such tool are zzuf, http://sam.zoy.org/zzuf/

For testing browsers this is not anything new, here is one article about it from back in April 2006. http://www.theregister.co.uk/2006/04/13/data_fuzzing/

You can run the test on your browser of choice, to see how long it takes before it crash :-) http://metasploit.com/users/hdm/tools/see-ess-ess-die/cssdie.html Mon, 06 Aug 2007 09:59:00 GMT donotreply@osnews.com (Morty) Comments