An application is no longer a product. In the world of cloud, and DevOps, and containers, an application is a process. There is no distinct beginning or end to development. The application is a living thing that cycles through a feedback loop, constantly identifying and resolving issues and consistently improving and evolving. When you have continuous development and continuous deployment, though, you also need continuous testing and continuous security that can keep up.
Ivan Novikov, co-founder and CEO of Wallarm, is my guest for this episode of the Inner Circle podcast. We talk about the need for continuous testing, and the philosophy and technology behind Wallarm. We also delve into the concept of fuzzing as a security testing technique.
Novikov explains that fuzzing techniques are based on a variety of assumptions about what normal data should look like. Using email as an example, you expect the input to consist of a unique email address, followed by the ‘@’ symbol and then the domain. Novikov says fuzzing will add spaces, or insert Unicode characters and other unexpected input to determine how the application will behave.
Once you find the unexpected or erratic application behavior, that is when the real fun begins. Listen to this episode of the Inner Circle to learn more.
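The email example above as a small mutation fuzzer, added here as an illustration and not taken from the podcast or from Wallarm. The two validators, the seed address and the fragment list are hypothetical, and the strict validator assumes an ASCII-only address policy.

```python
import random
import re

SEED_INPUT = "alice@example.com"  # constructed sample, not from the page

# Unexpected fragments of the kinds the paragraph mentions: spaces and
# Unicode, plus control characters and a second '@' as "other" input.
FRAGMENTS = [" ", "\t", "\r\n", "\x00", "@", "\u202e", "\u200b", "\uff20", "é"]

def mutate(value, rng):
    """Return value with one fragment inserted at a random position."""
    pos = rng.randrange(len(value) + 1)
    return value[:pos] + rng.choice(FRAGMENTS) + value[pos:]

def naive_is_valid(addr):
    """Hypothetical weak validator: only checks for '@' and a dot after it."""
    local, _, domain = addr.partition("@")
    return bool(local) and "." in domain

STRICT = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def strict_is_valid(addr):
    """Hypothetical hardened validator: ASCII allow-list, whole-string match."""
    return STRICT.fullmatch(addr) is not None

def fuzz(validator, rounds=200, seed=1):
    """Feed mutated inputs to validator; collect those it accepts or crashes on."""
    rng = random.Random(seed)  # fixed seed so a finding can be reproduced
    findings = []
    for _ in range(rounds):
        candidate = mutate(SEED_INPUT, rng)
        try:
            accepted = validator(candidate)
        except Exception as exc:  # a crash is also a finding
            findings.append((candidate, repr(exc)))
            continue
        if accepted:
            findings.append((candidate, "accepted"))
    return findings

if __name__ == "__main__":
    for name, fn in [("naive", naive_is_valid), ("strict", strict_is_valid)]:
        results = fuzz(fn)
        print(f"{name}: {len(results)} mutated inputs accepted or crashed")
        for candidate, outcome in results[:5]:
            print(f"  {candidate!r} -> {outcome}")
```

Each finding is a candidate for triage: the mutated string is kept with `repr` so invisible characters such as the zero-width space or the right-to-left override show up in the report.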
*** This is a Security Bloggers Network syndicated blog from Security – TechSpective authored by Tony Bradley. Read the original post at: https://techspective.net/2019/01/31/inner-circle-podcast-episode-020-ivan-novikov-chats-about-fuzzing-in-testing/