Wednesday, December 23, 2009

Fuzz Testing

Fuzz testing is an interesting concept, and one that I believe we should look into for the testing being done for the ABIS and other identity systems. Fuzz testing is different from the normal development operational testing that is done by ATEC and other agencies in DOD. It is more like a brute-force testing approach: "fuzzing" persistently tests a system by submitting random inputs to it and evaluating the responses.

This is helpful when testing complex systems that are too complicated for every test scenario and input to be covered. It is also automated, so fewer data collectors and test users are required.

Mr. Herbert Thompson, in his article on fuzz testing (http://www.ddj.com/architect/221900780), points out that fuzzing has been credited with finding vulnerabilities in the Windows 7, iPhone, and Android computing platforms.

Fuzz testing of the identity systems is especially important as we move to XML schemas for data sharing.
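
As an added illustration (not code from the article cited above or from any system named in this post), here is a minimal mutation fuzzer for an XML record handler: it mutates one valid record, submits each variant, and sorts the responses into accepted, cleanly rejected, and unexpected failure. The record layout, `handle_record`, and all element names are hypothetical.

```python
import random
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample record; element names are hypothetical, not a real schema.
SEED = b"<person><id>1001</id><name>Jane Doe</name><finger index='2'>QUJD</finger></person>"

def handle_record(data: bytes) -> dict:
    """Hypothetical system under test: parse one record and pull out fields."""
    root = ET.fromstring(data)                # raises ParseError on malformed XML
    return {
        "id": int(root.find("id").text),      # assumes <id> is present and numeric
        "name": root.find("name").text,
    }

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random byte-level mutations: flip, insert, delete or truncate."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "insert", "delete", "truncate"))
        pos = rng.randrange(len(buf)) if buf else 0
        if op == "flip" and buf:
            buf[pos] ^= 1 << rng.randrange(8)
        elif op == "insert":
            buf.insert(pos, rng.randrange(256))
        elif op == "delete" and buf:
            del buf[pos]
        elif op == "truncate":
            del buf[pos:]
    return bytes(buf)

def classify(data: bytes) -> str:
    """Evaluate the response: accepted, cleanly rejected, or unexpected failure."""
    try:
        handle_record(data)
        return "ok"
    except (ET.ParseError, ValueError):
        return "rejected"         # expected, controlled error path
    except Exception:
        return "crash"            # unhandled condition: a finding to triage

def fuzz(iterations: int = 2000, seed: int = 1) -> Counter:
    rng = random.Random(seed)     # fixed seed so any finding can be reproduced
    return Counter(classify(mutate(SEED, rng)) for _ in range(iterations))

if __name__ == "__main__":
    print(fuzz())
```

Inputs that land in the "crash" bucket are the ones worth saving: each is well-formed enough to get past the parser but violates an assumption the handler never checked.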
