Well, THAT’s Random – Using Automated Fuzzy Browser Clicking to Expose Risks
Learn how using randomization can help mitigate risks
Today it is difficult to both enumerate and control all the possible combinations of paths through your systems
Roughly speaking, ‘fuzzing’ is testing without an oracle; e.g., testing without knowing what a specific outcome should be.
When fuzzing, we don’t necessarily know what should happen, but we have a good idea of some things that shouldn’t happen, such as 404 errors and server or application crashes. We generally apply fuzzing to produce these kinds of errors when we’re testing text boxes, but why should text boxes have all the fun? Websites created today are highly interconnected, multi-server applications that include connections to out-of-network servers that are not under our applications’ control. This situation makes it difficult to both enumerate and control all the possible combinations of paths through our system. Even if we could identify all the possible paths, most organizations would not have the time to test all of these scenarios, regardless of whether or not they apply automation to help with that testing.
During this session, Paul Grizzaffi explores how expanding our automation approach by using randomization can help mitigate the risks associated with hard-to-enumerate application scenarios. By using random clicking, we can provide testers with additional information via exploring paths through the application which are not intuitive, but which are still valid. We’ll discuss:
Paul Grizzaffi is a Principal Automation Architect at Magenic. His career has focused on the creation and deployment of automated test strategies, frameworks, tools, and platforms. Paul has created automation platforms and tool frameworks based on proprietary, open source and vendor-supplied tool
chains in diverse product environments (telecom, stock trading, E-commerce, finance, and healthcare). He is an accomplished keynote speaker who has presented at both local and national meetings and conferences. He is an advisor to Software Test Professionals and STPCon, as well as a member of the Industry Advisory Board of the Advanced Research Center for Software Testing and Quality Assurance (STQA) at UT Dallas. Paul looks forward to sharing his experiences and expanding his automation and testing knowledge of other product environments.