Google helps developers detect application bugs and vulnerabilities

Google recently released its ClusterFuzz tool as open source, so that developers can automatically test applications for software bugs and security vulnerabilities during the development process. The tool is one of a range of recent open source security releases from the company.

By making the test tool available as open source, the tech giant wants to help developers deliver good and, above all, secure applications. The tool should simplify testing for bugs in the software and for gaps in the application's security.

The tool uses fuzz testing to detect software bugs. With this method, large amounts of randomly generated data are sent to the application under test, the so-called fuzz target. The aim of this bombardment is to provoke as many errors as possible. When the test is over, the developers can study these errors and correct them in their code.

According to Google, fuzz testing is very useful for detecting memory corruption errors that may cause security problems. For example, this test method can detect whether a certain input causes something in memory to be overwritten that should not have been. Finding and fixing such bugs can prevent hackers from injecting malware, among other things.

Source: Google

Automation of fuzz testing

The tech giant's newly released tool automates fuzz testing and makes it possible to collect, from these tests, the examples of undesirable behaviour that are caused by the same detected error. This helps developers diagnose and identify the root cause of these errors more easily. In addition, the tool generates enough statistical data to give more insight into how efficient the bug testing is.

ClusterFuzz can also confirm that the application works properly once developers have found and fixed the errors. Using follow-up tests, the tool checks whether the errors have actually been corrected and, after a certain period of time, automatically marks the problem as solved.
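The workflow described above (random inputs sent to a target, crashing inputs grouped by the error that caused them, and a follow-up test after the fix) is sketched below as an added example. It is not ClusterFuzz code and not from Google; the toy parser and all function names are hypothetical, and Python's IndexError stands in for an out-of-bounds memory access.

```python
import random
from collections import defaultdict

def parse_record_buggy(data: bytes) -> bytes:
    """Constructed toy parser: byte 0 is a length, the rest is the payload."""
    if not data:
        raise ValueError("empty input")      # documented rejection, not a bug
    length, payload = data[0], data[1:]
    out = bytearray()
    for i in range(length):                  # BUG: trusts the length byte
        out.append(payload[i])               # indexes past the payload
    return bytes(out)

def parse_record_fixed(data: bytes) -> bytes:
    """Same parser with the length checked against the real payload size."""
    if not data:
        raise ValueError("empty input")
    length, payload = data[0], data[1:]
    if length > len(payload):
        raise ValueError("length exceeds payload")
    return payload[:length]

def _crash_signature(target, data):
    """Return None if the input is handled, else a name for the failure."""
    try:
        target(data)
    except ValueError:
        return None                          # clean rejection of bad input
    except Exception as exc:                 # anything else is a finding
        return type(exc).__name__

def fuzz(target, iterations=2000, seed=1234, max_len=8):
    """Send random inputs to target; group crashing inputs by signature."""
    rng = random.Random(seed)                # fixed seed: reproducible run
    buckets = defaultdict(list)
    for _ in range(iterations):
        size = rng.randrange(max_len + 1)
        data = bytes(rng.randrange(256) for _ in range(size))
        sig = _crash_signature(target, data)
        if sig is not None:
            buckets[sig].append(data)        # saved as a reproducing testcase
    return dict(buckets)

def still_crashing(target, testcases):
    """Follow-up test: replay saved crashing inputs against a new build."""
    return [d for d in testcases if _crash_signature(target, d) is not None]

if __name__ == "__main__":
    print({s: len(c) for s, c in fuzz(parse_record_buggy).items()})
```

An empty result from `still_crashing(parse_record_fixed, ...)` is the condition under which a finding would be marked as solved.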

Part of multiple releases

The introduction of the test tool is part of a number of recent releases of the tech giant's open source security solutions. In recent weeks, the company has also released as open source an encryption technology that is efficient on mobile device processors and a Chrome extension that warns end users when their online accounts have been hacked.

Google itself is a big fan of ClusterFuzz. The tech giant claims that the tool can detect errors in applications within a few hours. It also uses the tool itself to detect errors in the code of its Chrome browser and a large number of other projects.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.