Fuzzing
Of course, we should also beef up our testing techniques. One highly effective way of testing the bounds of input validation is to use a fuzzer inside our tests; this just broadens the scope of what we are testing to make sure we have all the edge cases covered. A potential attacker will most likely use this technique to test the boundary of your API, so why not get the edge on them and make sure all of your input is correctly handled?
One of the most popular implementations of a fuzzer in Go is the excellent package github.com/dvyukov/go-fuzz/go-fuzz. go-fuzz is a coverage-guided fuzzer: it uses an instrumented build of your application code that exposes code coverage, and it uses that coverage to ensure that as many code paths as possible are covered. ...
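A go-fuzz harness for an input validator, as an added example that is not from the book: `Request` and `validate` are hypothetical stand-ins for your own handler code, while `func Fuzz(data []byte) int` is the entry point go-fuzz looks for. The `main` function is only there so the file runs on its own with constructed seed inputs.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"unicode/utf8"
)

// Request is a hypothetical API payload (an assumption, not the book's code).
type Request struct {
	Name  string `json:"name"`
	Email string `json:"email"`
}

// validate decodes a body and enforces the bounds the handler relies on.
func validate(body []byte) (*Request, error) {
	var r Request
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, err
	}
	if n := utf8.RuneCountInString(r.Name); n < 1 || n > 64 {
		return nil, fmt.Errorf("name must be 1-64 characters, got %d", n)
	}
	at := strings.IndexByte(r.Email, '@')
	if at < 1 || at == len(r.Email)-1 || len(r.Email) > 254 {
		return nil, fmt.Errorf("email is malformed")
	}
	return &r, nil
}

// Fuzz is called by go-fuzz with each generated input; 1 marks it as interesting, 0 as not.
func Fuzz(data []byte) int {
	r, err := validate(data)
	if err != nil {
		return 0 // rejected cleanly; a panic inside validate would be reported as a crash
	}
	out, _ := json.Marshal(r) // invariant: accepted input survives re-encode and re-validate
	if _, err := validate(out); err != nil {
		panic(fmt.Sprintf("accepted input fails round trip: %q", data))
	}
	return 1
}

func main() {
	for _, s := range []string{`{"name":"alice","email":"a@example.com"}`, `{{`} { // constructed seeds
		fmt.Println(s, "->", Fuzz([]byte(s)))
	}
}
```

In a real project the `Fuzz` function sits in the package under test, which is built with `go-fuzz-build` and then run with `go-fuzz`.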