What is Fuzz testing and Tips

Fuzz testing is a kind of QA testing that feeds invalid data into a program and monitors it for crashes, in order to ensure its security.

Security contributors and researchers use a lot of different fuzzing approaches on Firefox.

Tips for fuzzing on Firefox.
A –> Nightly Tests
If you want bugs identified earlier, keep in mind that the nightly builds correspond directly to Mozilla's central HG repository and always contain the latest features being prepared for release. They offer a great opportunity to test changes much earlier.
B –> Minidumps
Running Firefox under a debugger is not very efficient for fuzzing. You can instead use the minidumps that Firefox's crash reporter provides. With the minidump_stackwalk tool you can obtain the stack trace from a dump for further triage. An advantage of this approach is that it works on all supported platforms.
C –> Special Builds
Regular release builds are not well suited to fuzzing because they lack some significant features that debug builds have. Debug builds, for instance, enable a range of memory invalidation routines. Another advantage of debug builds is assertions. While every assertion failure reports a bug, some assertion types are especially likely to indicate security holes.
D –> Multiple Instances
By using multiple profiles you can run multiple Firefox instances in parallel on one host. You can specify the profile name on the command line. Note that the prefs.js file provided with ADBFuzz also contains some significant options that should be added directly to the prefs.js file of the fuzzing profile you are using.
E –> Communication
Communication between the outside harness and the component running in the browser is especially important when testing browsers. When the fuzzer runs inside the browser and only an outside harness monitors it, communication from the fuzzer to the harness is mostly helpful for logging all actions the fuzzer takes, so that they are easier to reproduce.
F –> Using Add-on Debug Functions
Certain functions accessible in a privileged context are very powerful, though only for automated testing. Examples include calling the garbage collector, enabling zealous garbage collection, quitting Firefox, and invoking the cycle collector. There is a publicly available add-on for this.
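
Tip D as an added example (not code from the original post or from ADBFuzz): this Python helper creates one profile directory per instance, merges a fuzzer-supplied prefs.js into each profile's prefs.js without duplicating entries, and returns the launch commands. The `fuzz-profile-N` directory names and the `example.fuzz.*` pref names are constructed, and launching with Firefox's `-no-remote` and `-profile` options is an assumption about how the instances are started.

```python
import re
import tempfile
from pathlib import Path

# Matches one prefs.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*)\)\s*;\s*$')

def parse_prefs(text):
    """Return {pref name: raw value} for every user_pref line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def merge_prefs(profile_dir, fuzz_prefs_text):
    """Merge fuzzing prefs into profile_dir/prefs.js; fuzzing values win."""
    path = Path(profile_dir) / "prefs.js"
    merged = parse_prefs(path.read_text()) if path.exists() else {}
    merged.update(parse_prefs(fuzz_prefs_text))
    lines = [f'user_pref("{k}", {v});' for k, v in sorted(merged.items())]
    path.write_text("\n".join(lines) + "\n")
    return merged

def prepare_instances(base_dir, count, fuzz_prefs_text, binary="firefox"):
    """Create one profile directory per instance; return the launch commands."""
    commands = []
    for i in range(count):
        profile = Path(base_dir) / f"fuzz-profile-{i}"  # constructed name
        profile.mkdir(parents=True, exist_ok=True)
        merge_prefs(profile, fuzz_prefs_text)
        # -no-remote keeps each process separate; -profile selects the directory.
        commands.append([binary, "-no-remote", "-profile", str(profile)])
    return commands

# Constructed sample prefs, standing in for the file shipped with the fuzzer.
SAMPLE_FUZZ_PREFS = '''
// constructed example entries
user_pref("example.fuzz.enabled", true);
user_pref("example.fuzz.log_level", 3);
'''

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for cmd in prepare_instances(tmp, 3, SAMPLE_FUZZ_PREFS):
            print(" ".join(cmd))
```

Run the merge while no Firefox instance is using the profile, because the browser rewrites prefs.js itself.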


Words – A Sample TTS project


I created a sample project using text to speech conversion. 

In this project you can listen to what you write, in the English language only.

It can be used by kids to learn the alphabet or word phonetics, and for word recognition, etc.
I used it with my 2 year old son and he found it very interesting. He laughed at every sound he heard from the computer and he could relate to the alphabets also.

This uses Apache Tapestry, Tomcat, JSAPI, freeTTS and Bootstrap.
There is no database required.

It is not hosted yet but you can check the code  and screenshots at —

Use your headphones to listen to whatever you write. 
It was fun making the computer speak what you write down.
I even tried out a few song lyrics to be read out, though it sounded very weird 😉

Home page:

Next:  Want to speak and let the computer listen to my commands.

Coding Tips – to keep in mind

Some common things that I have learnt throughout my coding experience —
  1. Check for Multi-threaded issues – like no instance variables in a service class.
  2. File names should have date and for whom the file is being generated.
  3. Check where the file is being stored and what will happen to it.
  4. If the objects are not strings, then control the output to the file, like for BigDecimal and Dates. It may be changed to other notations.
  5. Add hard coded strings in properties files or make them constants.
  6. Use StringBuffer instead of String.
  7. Use BigDecimal instead of double for more complex math calcs.
  8. For BigDecimal use scale and RoundingMode when dividing or multiplying
  9. If creating a file then either set delete on exit property or create files in temp directory.
  10. Use Apache StringUtils and DateUtils for quick string and date formatting.
Please feel free to add to this list and this will help others too. :)