Whether you're testing a software program, a website, etc., these steps can be applied comparably to each in order to discover what issues your code has that need to be fixed.
First of all, you must take a correct or valid file or piece of data and change it to some kind of random data that will affect the program maliciously. It's possible to replace the entire file or just part of it randomly. A "fuzzer" can do one of two things: they can generate their own data through a process called "generation fuzzing," or they can take the data from an actual source and simply alter it in some way.
During the fuzzing process, it's important to make sure all fuzzing occurs in the right components. The altered data must be directly fuzzed under the specific document rather than the structure itself. You merely want to test the application that consumes the data under its specific format/filetype. Testing the entire format will only affect the format verification code, so you need to make the necessary adjustments.
The next step is to transfer the altered data to its specific destination. There are different ways that this can be done; large corporations that do vast amounts of programming might find it necessary to develop their own fuzz testing tools that transfer data to a wide range of applications. It has become widespread practice to make a record of the test data before initiating the fuzz test.
The last step (this one is for the master problem solvers) is to see what happens. The most common disaster occurrences are crashes, CPU usage spikes, and memory spikes. A crash indicates a bug. This is dangerous because they are the most likely to be exploited. Instead of taking a chance and waiting see if it is exploitable, it's best to just fix the bug. A spike simply means that any malicious data might possibly discontinue service, so fix it!
It is important not to try to go overboard with the fuzzing; stick with trying to find random crashes and spikes. Anything more would require customizing the test to specifically monitor whatever changes are being made to the data and/or software application. However, because most of the programs are being used by third parties, fuzz testing for bugs is still crucial.
Search Engine News 
