🎨 Future Design - continuous fuzz after initial release MVC
Problem to solve
A robust fuzzing job can be a long-running task. Additionally, customers may wish to fuzz a target indefinitely until a crash is found. For mature projects, this could be hours or days. Longer-duration fuzz testing will find additional bugs and vulnerabilities.
In the above scenario, running a fuzzing job in a pipeline does not make sense, since the pipeline will either never complete or will time out after a certain period.
User Stories/Tasks
- As a user, I want to set up 24/7 continuous fuzzing, so that I can monitor my application all the time
- As a user, I want to check continuous fuzz results at any time, so that I can fix important bugs in time
- As a user, I want to pause/start continuous fuzzing, so that I can control the fuzz scan
User experience goal
Consider how, where, and when to surface results from continuous fuzz testing as compared to results from a pipeline. Since there is no "done" to a continuous fuzz test job, we don't have the normal "end of a pipeline" step to collect and process results.
- Idea: Consider introducing a new screen where continuous fuzz testing results are collected and then can be manually promoted to vulnerabilities/findings after a user has reviewed them. This would be similar to some of the earlier designs we saw where all fuzz testing results were on their own screen.
A goal is that the same approach and UX can be used for both coverage-guided and API fuzzing.
- This issue is only intended for coverage-guided fuzz testing, though. API fuzzing will come later.
The technical issue: &4486