As I conclude this article, I want to return to some of the advantages and disadvantages of fuzz testing. The biggest problem, as I mentioned earlier, is that fuzzing, for the most part, only finds the simplest defects and bugs. Different fuzzers will find different bugs, but these bugs are often of a severe nature, meaning they are exploitable, so don't automatically discount the fuzz test. And don't forget that attackers will use fuzz testing themselves to locate the ripest vulnerabilities.
A lot of people think that the randomness of fuzz testing is also a disadvantage because it might miss the more valuable flaws. There is a technique called "robustness testing" that tests the input space that the format specifically defines, thereby making the test less random. However, this goes back to the value of fuzz testing results in general, and I think we've discussed that already.
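The difference between purely random input and input drawn from the space the format defines, shown on a constructed toy parser. This is an added example, not code from the original article; the record format, the `MAGIC` value and all function names are assumptions made for illustration.

```python
import random
import struct

MAGIC = b"IMG1"  # constructed magic bytes for a toy record format


def parse(data: bytes) -> str:
    """Toy parser (constructed): MAGIC | uint16 big-endian length | payload."""
    if len(data) < 6 or data[:4] != MAGIC:
        return "rejected"  # shallow path: the header check fails
    (length,) = struct.unpack(">H", data[4:6])
    payload = data[6:]
    # Deliberate defect in the toy: length is never checked against len(payload).
    _last = payload[length - 1] if length else 0
    return "ok"


def run(inputs):
    """Feed every input to the parser and count how each one ended."""
    stats = {"rejected": 0, "ok": 0, "crash": 0}
    for data in inputs:
        try:
            stats[parse(data)] += 1
        except IndexError:
            stats["crash"] += 1
    return stats


def random_inputs(n, seed=1):
    """Purely random byte strings of 0 to 32 bytes (fixed seed for repeatability)."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 32)))
            for _ in range(n)]


def format_aware_inputs():
    """Valid header, then boundary values for the length field the format defines."""
    payload = b"A" * 8
    lengths = [0, 1, len(payload) - 1, len(payload), len(payload) + 1, 0xFFFF]
    return [MAGIC + struct.pack(">H", n) + payload for n in lengths]


if __name__ == "__main__":
    print("random:      ", run(random_inputs(5000)))
    print("format-aware:", run(format_aware_inputs()))
```

The random inputs never get past the header check, so the length handling is never exercised; the six format-aware inputs reach it and two of them trigger the unhandled out-of-range length.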
The one thing you should take from this article is that if you're going to fuzz test, you must think like the enemy. After all, there are attackers deliberately trying to infect a program's code. Your program should be able to process any stream of data sent to it by yourself or a third party. Obviously fuzz testing isn't foolproof, but it does improve the program's security against unexpected input.
In short, you need fuzz testing to make your program look its best. It will also make those who visit your web site or use your web application much happier. So help yourself and everyone else by doing a fuzz test.