Abstract: A method for a testing system to perform fuzzy testing of a software system, wherein the software system comprises a plurality of callable units and is arranged to receive input for the software system to process, the method comprising: determining, for each callable unit of the plurality of callable units, based on one or more security vulnerability metrics, a target number of times that callable unit is to be tested; initializing a ranked plurality of queues, each queue for storing one or more seeds, said initializing comprising storing one or more initial seeds in a corresponding queue of the ranked plurality of queues; performing a sequence of tests, wherein performing each test comprises: obtaining a seed from the highest ranked non-empty queue; performing a mutation process on the obtained seed to generate a test seed, wherein the mutation process is configured, at least in part, by mutation guidance information; providing the test seed as input to the software system for the software system to process;

Abstract: The disclosure is directed to a method, system and a computer readable medium of fuzzy testing a software system, using a grey-box fuzzy testing framework that optimizes the vulnerability exposure process while addressing security testing challenges. The grey-box fuzzy testing framework, unlike white-box testing, provides a focused and efficient assessment of a software system without analyzing each line of code. The disclosed embodiments provide a robust security mechanism that accumulates information about the system without increasing testing complexity, enabling fast and efficient security testing. The disclosed embodiments use security vulnerability metrics designed to identify vulnerable components in the software systems and ensures thorough testing of these components by assigning weights. A mutation engine may perform small data type mutations at the input's high-level design.

Abstract: A method of fuzzy testing a software system, wherein the software system comprises a plurality of callable units and is arranged to receive input for the software system to process, the method comprising: determining, for each callable unit of the plurality of callable units, based on one or more security vulnerability metrics, a target number of times that callable unit is to be tested; initializing a ranked plurality of queues, each queue for storing one or more seeds, said initializing comprising storing one or more initial seeds in a corresponding queue of the ranked plurality of queues; performing a sequence of tests, wherein performing each test comprises: obtaining a seed from the highest ranked non-empty queue; performing a mutation process on the obtained seed to generate a test seed; providing the test seed as input to the software system for the software system to process; and evaluating the processing of the test seed by the software system to generate a result for the test; wherein each queue in