« Previous  |  Next »

Fuzzing

12 May 2013

I've previously written about StackOverflow full text indexing using SQLite. I've now loaded this site's small body of content into an SQLite FTS database, and have implemented a search interface for it. Before opening up the search interface to the big bad Internet, I reckon some testing is required.

Fuzzing "is a black box software testing technique which basically consists of finding implementation bugs using malformed/semi-malformed data injection in an automated fashion." This site runs as a Zinc server delegate in Pharo Smalltalk. In fuzzing the search interface, I will be fuzzing Zinc's input handling, my server delegate's input handling including its susceptibility to SQL injection, and possibly the CogVM FFI that hooks Pharo up with SQLite.

Of course, the Smalltalk image is not a black box. While fuzzing I will be able to view Zinc's source code, explore live objects, and check behaviour.

Blog comments powered by Disqus