Well, That’s Random: Automated Fuzzy Browser Clicking
Roughly speaking, "fuzzing" is testing without an oracle—essentially, testing without knowing what the outcome should be. We don’t know what should happen, but we have a good idea of things that shouldn’t happen, such as 404 errors and server or application crashes. We generally apply fuzzing to produce these kinds of errors when we’re testing text boxes, but why should text boxes have all the fun? Websites today are interconnected, multiserver applications that include connections to out-of-network servers, making it difficult to enumerate and control all the possible combinations of paths through our system. Even if we could identify all the possible paths, most organizations would not have the time to test all these scenarios, regardless of whether they apply automation to help with that testing. Paul Grizzaffi will explore how expanding our automation approach by using randomization can help mitigate the risks associated with hard-to-enumerate application scenarios. By using random clicking, testers can get additional information via exploring paths through the application that are not intuitive but are still valid. We’ll discuss why creating a random clicker doesn’t have to take a lot of effort, how this approach is rooted in the facets of high-volume automated testing, and considerations to be mindful of when using randomization.