When I think of fuzz, I think of one of the most annoying things in the world. It gets on your clothes; it clings to your body and there's nothing you can do about it. But there's a form of fuzz that affects your web site as well, and that's one kind of fuzz you CAN and SHOULD do something about.
If you haven't figured out what I'm talking about, and I'm sure most of you haven't, I'm referring to software fuzz testing specifically for your website. It's one of the best ways to test your website for bugs. Because even search engines will still return sites with errors, you have a better chance of a good ranking if there's less randomness for them to process. And why wouldn't you want the cleanest possible look for your site? You'll get a lot more attention if you're not bombarding people with fuzz.
Let me start off with a simple definition: fuzz testing is a technique that tests your code quality by supplying random samples of data, which we call the fuzz, as input to your program. Whenever your program breaks or crashes, the flaws can be marked for repair. Fuzz testing was created and developed in 1989 by University of Wisconsin-Madison professor Barton Miller and his students. The technique's main purpose is to succeed where human testers fail by locating all the overlooked mistakes that even the most intricate of tests miss on occasion.
Fuzz testing is not to be confused with a fail safe method to ensure program quality. Because of its randomness, it is best suited for finding the bugs and the kinks that prevent program perfection and cause pesky errors. To say that your code is strong enough to handle the exceptions doesn't necessarily account for the overall product.
Most people will probably recognize the flaws when certain file types are marked improperly and return as something else. These syntactic errors occur more than you think; in fact this paper cites research done by Eric Brewer that says at least 40 percent of web pages have one syntax error or more (keep in mind that this paper is from 1996). Holy frijoles, think of the randomness! Not to worry though, because fuzz testing processes all this randomness, allowing the search engine to return the "best" documents, not the least bugged.
That's right, web pages offer just as many problems as the typical program file. Obviously, the fact that malware can be served up from basically anywhere on the web is evidence enough. The search engine alone probably won't catch this, so you have to test the site yourself, specifically how you serve ads. Obviously, ads are essential for financing a website, but if your visitors and clients are being hit with malware, well I don't have to tell you that's bad for business.
The next section will tell you the basic techniques for fuzz testing...