Introduction
There are three main techniques used to find bugs in software: source code audits, reverse engineering, and fuzzing. Source code auditors scan code for programmer mistakes. Reverse engineers, working with only the compiled bytes of a program, reverse the internal operations in search of weaknesses. Fuzzing, or robustness testing, involves executing and monitoring target applications while semi-valid data is delivered to the interfaces under test. The combination of these exposed interfaces is known as the attack surface.
The appropriate method to utilize when auditing an application for robustness varies based on: audit time frame, source code availability, auditor experience, original programming language, and more.
