GUI flow fuzzing
Fuzz testing is an automated way for checking how application reacts on unexpected input data. This is a type of negative testing. This is also very know technique for automated vulnerability finding.
But I didn’t hear anything about tool that will operate on the GUI in a fuzzy way (or maybe my Google search “kung-fu” isn’t so good). Instead of providing incorrect, trashy data we could provide input values correctly but in wrong order, etc. In general an application should receive not only correct data but correct data in correct order. Example: you shouldn’t be able to save child user while parent user is still not stored in db (this can end up with an exception).
Some kind of GUI fuzzing tool would find it by providing correct data and using correct steps but in completely unexpected order. The other problem is how to fuzz with application logic. Providing input data is simple, but providing steps that user performs on the GUI and then fuzzing the whole logic… hmmm… maybe I could use QTP.
