Fuzzing
// Definition
Feeding malformed, random, or unexpected inputs to a system to expose crashes, memory issues, and security flaws. Effective at finding bugs that hand-written tests miss, because it exercises inputs that real users would never type.
// Related terms
SQL Injection
An attack where untrusted input is concatenated into a SQL query, letting an attacker exfiltrate or modify data. Mitigated with parameterised queries and ORM usage. Tested with crafted payloads at every input that reaches the database.
XSS (Cross-Site Scripting)
An attack where attacker-controlled JavaScript executes in another user's browser, often via unescaped input rendered into HTML. Categories include reflected, stored, and DOM-based. Mitigated by output encoding and a strict Content Security Policy.
Property-Based Testing
Asserting that a property (e.g., 'reverse(reverse(list)) == list') holds for many automatically generated inputs, instead of writing one example per case. Tools like Hypothesis and fast-check generate thousands of cases and shrink failures to a minimal example.