Towards user-friendly fuzzers
Fuzz testing, or simply fuzzing, is an automated testing technique that aims to discover bugs or vulnerabilities in software systems by providing random, invalid, or potentially harmful input data. Fuzzing is a black-box testing technique, as fuzzers, i.e. the tools that run fuzzing, typically have no access to the source code. Whereas structured tests are typically written manually, i.e. developers write test cases to ensure that a system behaves as expected (verification) and fulfils the users’ expectations (validation), fuzzing tools may employ techniques to generate a range of inputs with minimal manual intervention. However, many open-source or openly accessible fuzzers have rudimentary user interfaces, so developers must typically have a good understanding of software security testing and of how a specific fuzzer needs to be configured for the specific software under test. This project will explore how existing fuzzers could be made more approachable for non-experts. The scope of the project will be restricted to web systems (REST).