Applying Fuzzing in Software Testing: A Case Study on Kawn Subscriptions Manager
Keywords: Fuzzing, FFUF, Mutation testing, Payload, Software security

Abstract
Fuzzing is an automated black-box testing method that feeds abnormal inputs to a program in order to trace targeted vulnerabilities. In this research, fuzzing is applied to the Kawn Subscriptions Manager application. We then use mutation testing to assess how well fuzzing finds vulnerabilities in the application. The web fuzzer used is FFUF, and the inputs, or payloads, are generated from the word list required to test each function. A total of 4 mutants were generated, and mutation testing killed all 4 of them, giving a mutation score of 100%. This means that fuzzing with the FFUF web fuzzer successfully found vulnerabilities in the software application. We also found that the Django application enforces strict security against the POST request method. Based on these findings, we suggest fuzzing all functions in future research, and comparing fuzzing with other similar methods to identify its capability and reliability. Our research further highlights the importance of integrating comprehensive security measures and testing frameworks into the web application development lifecycle. Using FFUF, we demonstrate an efficient approach to identifying and mitigating potential security threats, ensuring robust protection against cyberattacks.