«

A Good Analysis of Test Coverage

Test coverage, especially for fuzzing, is always a challenge. The three most common dimensions for analyzing test coverage in software fault injection (robustness testing or fuzzing) are interface coverage, protocol coverage and input coverage. But those are often difficult to measure, therefore simplification helps. A recent white paper on this topic breaks down this analysis into simple things like:

  • Attack surface
  • Specifications
  • Statefulness

Attack surface is a simple to do process of analyzing the interfaces and protocols, whereas specifications and statefulness look at how well those protocols are tested. Understanding these simple metrics helps you understand how well your own fuzzing tool actually does its test. Good luck in fuzzing!

This entry was posted on 2010-02-01 at 22:34 and is filed under fuzzing with tags , . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.