Module 4: Random Testing

Description:

This module introduces the concept of Random Testing and describes its evolution over three generations from its inception to today’s sophisticated fuzzers. You will learn about general-purpose fuzzers, their strengths and limitations, and how to effectively apply them to uncover crashing bugs and security vulnerabilities. You’ll also learn how the random testing paradigm is adapted to test programs in two important domains, mobile apps and multi-threaded programs, and how it can provide a probabilistic worst-case guarantee on finding concurrency bugs.

Objectives:

  • Describe the three generations of Random Testing, along with its uses, strengths, and limitations.
  • Describe different fuzzing tools and their usage: AFL, libFuzzer, OSS-Fuzz, and ClusterFuzz.
  • Explain, with examples, grammar-based fuzzing of mobile applications.
  • Explain, with examples, fuzzing of multi-threaded programs using Bug Depth, the Cuzz algorithm, and its probabilistic guarantee.