Part V: Domain-Specific Fuzzing

This part discusses test generation for a number of specific domains. For all these domains, we introduce fuzzers that generate inputs as well as miners that analyze the input structure.

  • Testing Configurations systematically tests and covers software configurations. By automatically inferring configuration options, we can apply these techniques out of the box, with no need for writing a grammar.

  • Testing APIs shows how to generate inputs that go directly into individual functions, gaining flexibility and speed in the process.

  • Carving takes a system test and automatically extracts a set of unit tests that replicate the calls seen during the system test. The key idea is to record these calls so that we can replay them later – as a whole or selectively.

  • Testing Web Applications shows how to systematically explore the behavior of a Web application – first with handwritten grammars, then with grammars automatically inferred from the user interface. We also show how to conduct systematic attacks on these servers, notably with code and SQL injection.

  • Testing Graphical User Interfaces explores how to generate tests for Graphical User Interfaces (GUIs), generalizing from rich Web applications to mobile apps, and systematically exploring user interfaces through forms and navigation elements.

The content of this project is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. The source code that is part of the content, as well as the source code used to format and display that content is licensed under the MIT License. Last change: 2023-01-07 15:28:18+01:00