Fuzzing from analysis to test execution Fraunhofer FOKUS

Fuzz Testing – an effective technique for detecting unidentified security breaches

In this increasingly inter-networked world, security testing has become an essential component of the development process. Fuzz Testing has proven to be an effective technique for detecting unidentified security breaches (0-day vulnerabilities). Using this test method, the interfaces of the system that is undergoing testing are faced with nonstandard and unexpected inputs in a variety of ways in order to test their robustness.

Random Fuzzing is the easiest way to find security breaches. However, due to the complexity of the input parameter space, it does not offer a sufficient level of efficiency to test the system comprehensively. Smart Fuzzing uses models of your interfaces, protocols or services to generate test cases, thus reducing the large number of test cases to only the most relevant and allowing complex errors to be discovered more easily. Smart Fuzzing is therefore considerably more efficient when compared with simple Fuzzing techniques.

We develop Smart Fuzzing heuristics both for Data Fuzzing (based on Fuzzino) as well as for Behavioural Fuzzing, which are tailored specially to your interfaces, protocols and services. For this, we use system models. However, even if these are not available, we can use functional test cases or system traces and therefore reduce the initial barriers. By using additional information from a risk analysis, the test process becomes considerably more efficient.

Our process is based on an analysis of the system that is to be fuzzed and, ideally, on a risk analysis. On the basis of these results, suitable Fuzzing heuristics are chosen and new ones developed. The next step is choosing and, if necessary, annotating suitable test scenarios, from which the robustness or security test cases are then generated automatically. Using the example of an industry partner's banknote processing system, we created a risk analysis together with system experts and examined its protocol for possible weaknesses with the help of functional test cases. Based on these functional test cases and the risk analysis, suitable test cases were chosen and specific security tests generated from them. Both Data and Behavioural Fuzzing were used for this purpose. Thanks to an optimised runtime environment, a high coverage of the identified risks was achieved in reasonable time. The results can be found on the DIAMONDS project website.
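The Data/Behavioural Fuzzing split and the reuse of functional test cases described above, as an added example that is not Fuzzino or Fraunhofer FOKUS code: it assumes a hypothetical protocol model and a constructed functional test case, derives Data Fuzzing cases (one malformed value, valid message order) and Behavioural Fuzzing cases (valid values, broken order), and uses a risk-analysis hint to narrow the data cases to high-risk fields.

```python
import itertools

# Hypothetical protocol model: message type -> field -> (type, bound); bound is
# the maximum length for strings and an inclusive (lo, hi) range for ints.
MODEL = {
    "LOGIN": {"user": ("string", 16), "pin": ("int", (0, 9999))},
    "DEPOSIT": {"amount": ("int", (1, 100000))},
    "LOGOUT": {},
}

# Constructed functional test case: valid values sent in the valid order.
FUNCTIONAL_CASE = [
    ("LOGIN", {"user": "alice", "pin": 1234}),
    ("DEPOSIT", {"amount": 50}),
    ("LOGOUT", {}),
]

def data_heuristics(ftype, bound):
    """Smart Data Fuzzing heuristics: boundary and malformed values per field type."""
    if ftype == "int":
        lo, hi = bound
        return [lo - 1, hi + 1, -1, 2 ** 31, 2 ** 63]
    return ["", "A" * (bound + 1), "A" * 4096, "a\x00b"]  # empty, over-length, NUL byte

def data_fuzz(case, model):
    """Mutate one field of one message at a time; the rest of the sequence stays valid."""
    out = []
    for i, (mtype, fields) in enumerate(case):
        for fname, (ftype, bound) in model[mtype].items():
            for bad in data_heuristics(ftype, bound):
                mutated = list(case)
                mutated[i] = (mtype, {**fields, fname: bad})
                out.append((f"{mtype}.{fname}", mutated))
    return out

def behaviour_fuzz(case):
    """Behavioural Fuzzing: keep values valid but break the order (omit, repeat, swap)."""
    out = []
    for i in range(len(case)):
        out.append(("omit", case[:i] + case[i + 1:]))
        out.append(("repeat", case[:i + 1] + [case[i]] + case[i + 1:]))
    for i, j in itertools.combinations(range(len(case)), 2):
        swapped = list(case)
        swapped[i], swapped[j] = swapped[j], swapped[i]
        out.append(("swap", swapped))
    return out

def select_by_risk(data_cases, high_risk_fields):
    """Risk-analysis input: keep only mutations of fields rated high risk."""
    return [c for c in data_cases if c[0] in high_risk_fields]
```

Each generated case is a full message sequence that a test runner would send to the system under test; the label records which heuristic or field produced it, so failures can be traced back to the risk item they cover.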

"Fuzzino", our basic solution for Fuzzing, has already been used by various tool suppliers, including Dornier Consulting and TestingTechnologies. With do.ATOMS, Dornier Consulting offers a test tool for model-based functional tests. With the help of Fuzzino, both security tests and functional tests can be carried out with Fuzzing using the same tool. TestingTechnologies' TTworkbench has also already been prepared for Fuzzing and the newest version offers a TTCN-3 language extension, with the help of which functional test suites can easily be reused for Fuzzing, supported by Fuzzino.


  • Preparation and implementation of security and robustness tests on your product with Fuzzing
  • Analysis of product-specific interfaces, protocols, and services and the development of individual Fuzzing heuristics
  • Support with the implementation of Fuzz Testing into your test process and your test tools with the help of Fuzzino
  • IT security risk analysis