Microsoft opens fuzz testing service to the wider public
Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry.
Fuzz testing (i.e. fuzzing) is a software testing technique that consists of inputing invalid, unexpected, or random data into to a computer program, to check whether it will crash, show memory leaks, etc. In short, it’s a shortcut for finding bugs that, if missed, could result in serious problems down the development road, as well as security problems for users.
How Microsoft Security Risk Detection works, and who’s it for
Built on Azure and powered by artificial intellingence, Microsoft Security Risk Detection aims to uncover bugs and vulnerabilities in software before it is released or before it is used.
The service can be extremely helpful to companies that build software, but also to those that think about buying software offerings (e.g. via a merger or acquisition) or are evaluating how they can perform a cloud migration (e.g. they can assess the quality of existing legacy applications).
David Molnar, the leader of the group delivering the service, says that it can also be a handy tool for companies that are incorporating technology into processes that used to either be done manually or utilized much simpler technology.
“Security Risk Detection provides a Virtual Machine for the customer to install the binaries of the software to be tested, along with a ‘test driver’ program that runs the scenario to be tested, and a set of sample input files called ‘seed files’ to use as a starting point for fuzzing,” Microsoft explains.
The work is then up to the service, and after a series fo different fuzz tests, the developer receives information about the bugs and actionable test cases to reproduce the issue and, ultimately, fix it.
Previewed last September and before that used only by Microsoft internally for its own software products and by a limited number of customers and collaborators, the service is now accessible to the wider public.
Security Risk Detection supports fuzzing Windows applications. Support for Linux is currently in preview.