1. Field of the Invention
The present disclosure relates to a method and arrangement for software testing.
2. Description of the Background
“Fuzzing” or robustness testing, is a technique for finding security and reliability flaws in software. Sending random characters to a program is the original and simplest form of software fuzzing, and is called simple or generic fuzzing. Current state-of-the-art robustness testing tools are based either manually placed “anomalies”, e.g. carefully chosen erroneous and/or unexpected field values, or random fuzzing of protocol fields. Fuzzing is a black-box technique where the unexpected and/or erroneous values are formatted according to a protocol, e.g. HTTP fuzzers test HTTP servers over TCP connections.
Some fuzzers send entirely random data, but others requires only certain portions of the data to be fuzzed. In the latter case it is possible to manually define parameters for the fuzzed data, or valid portions of the otherwise fuzzed data. Also, it is often possible to provide data for valid message or messages which are used as basis of the fuzzing. Advanced frameworks are extendable to allow new test case types to be introduced and then used in the test case generation.
For example, patent application WO2005/071545 discloses a method and system for rule-based generation of automation test scripts from abstract test case representation.
U.S. Pat. No. 7,278,061 discloses a system for building packets of data for testing a communication network. The system comprises a component which describes one or more protocols by providing one or more rules which are used to build the packet of test data.
The problem with the foregoing and other current approaches is that the tester of the fuzzer framework must have a deep knowledge of the framework and of the tested protocol. Only an expert of the fuzzing framework and the used protocol can tune the test generation process. Thus a method that simplifies the process of creating test case instances for various purposes is desired.