A Call for Mandatory Input Validation and Fuzz Testing
Journal article, Peer reviewed
Published version
View/ Open
Date
2023Metadata
Show full item recordCollections
Abstract
The on-going digitalization of our critical infrastructures is progressing fast. There is also a growing trend of serious and disrupting cyber-attacks. The digital services are often fragile, and with many weaknesses and vulnerabilities. This makes exploiting and attacking the services a little too easy. If the services verifies all inputs, many security threats will be avoided. Similarly, if one diligently tests the services with malformed inputs, one will uncover many security and software quality problems. In this paper we investigate “input validation” and “fuzz testing” as a means to improve security. The aim is not exhaustive coverage, but to provide indications of usefulness and to serve as a call for action.