Security testing is a hot topic. Most of the testing is done by hand or with scripts. A powerful and interesting technique is ‘fuzzing’. Fuzzing, or fuzz testing, is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. In our toolset we have a test strategy component that is responsible for selecting the input for the system under test. We are interested in model-based fuzzing. We expect that fuzzing becomes more powerful if we combine it with our toolset. For clients it would be a valuable extension of our proposition.
We have contacts with several researchers in the field who work on security and/or model-based testing. For example, the group of Prof. Dr. Frits Vaandrager at the University of Nijmegen, which is also home to the group of Prof. Dr. Bart Jacobs.
Possible research questions:
- How to combine fuzz testing with model-based testing?
- Can we use the information that we have in the model to enable more powerful fuzzing techniques?
- Does it make sense to write our own fuzzer, or should we use an already existing one?
  - If the former is the case, we want to create our own fuzzer.
  - If the latter is the case, we want to know which fuzzers are best for model-based testing, and we want to integrate one or more of them into our toolset.
- How does fuzzing relate to robustness testing?
Expected deliverables:
- Implementation of a model-based fuzzer.
- Theory about model-based fuzzing and robustness testing.
- Application of the toolset against a system.