fuzzing

Fuzzing, or fuzz testing, is an automated software testing technique that feeds invalid, unexpected, or random inputs to a computer program in order to trigger crashes, assertion failures, or other abnormal behavior. The goal is to uncover vulnerabilities and robustness problems that arise from improper input handling, memory safety issues, or logic errors. Fuzzing is widely used in software security to identify bugs that could be exploited in real-world attacks, as well as to improve input validation and fault tolerance.

The technique originated in the late 1980s with experiments by Barton Miller at the University of California, Berkeley, who demonstrated that random inputs could cause surprising failures in many Unix utilities. Since then fuzzing has evolved into several approaches, including mutation-based fuzzing, generation-based fuzzing, and coverage-guided fuzzing. Mutation-based fuzzing starts from a corpus of existing inputs and mutates them, often guided by heuristics. Generation-based fuzzing builds inputs according to a formal specification or grammar. Coverage-guided fuzzing uses feedback from the program, such as code coverage, to steer input generation toward unexplored paths.

Typical fuzzing workflows involve creating a harness that exercises the target software, supplying a seed corpus, running a fuzzing loop that mutates or generates inputs, and monitoring for crashes or hangs. Reproducing crashes and triaging results are essential, often aided by sanitizers that detect memory errors, use-after-free conditions, and other issues.

Prominent fuzzing tools include AFL (American Fuzzy Lop) and libFuzzer, both of which support coverage-guided fuzzing, as well as other projects like honggfuzz. Fuzzing is used on user-space applications, kernels, browsers, network stacks, and APIs, and is commonly complemented by static analysis, formal verification, and other testing methods. Ethical and legal considerations apply when fuzzing third-party systems; authorization and responsible disclosure are important.
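
The workflow described above (harness, seed corpus, mutation loop, coverage feedback, crash monitoring) can be seen end to end in the following added example, which is not taken from AFL, libFuzzer, or any other tool named on this page. The target `parse`, the function names, and the seed `b"AAAA"` are constructed for illustration, and line tracing via `sys.settrace` is an assumption standing in for the instrumentation a production fuzzer would use.

```python
import random
import sys

def parse(data: bytes) -> None:
    """Constructed toy target: a defect sits behind three nested byte checks."""
    if len(data) > 0 and data[0] == ord("F"):
        if len(data) > 1 and data[1] == ord("U"):
            if len(data) > 2 and data[2] == ord("Z"):
                raise RuntimeError("simulated crash")

def run_with_coverage(target, data):
    """Harness: run the target once; return (executed lines, exception or None)."""
    lines = set()
    def tracer(frame, event, arg):
        if event == "line":
            lines.add((frame.f_code.co_name, frame.f_lineno))
        return tracer
    sys.settrace(tracer)
    try:
        target(data)
        return lines, None
    except Exception as exc:  # an uncaught exception plays the role of a crash
        return lines, exc
    finally:
        sys.settrace(None)

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Mutation step: overwrite one randomly chosen byte."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def fuzz(target, seeds, iterations=200_000, rng_seed=1):
    """Fuzzing loop: keep only mutants that reach lines not seen before."""
    rng = random.Random(rng_seed)
    corpus = list(seeds)
    # Baseline coverage of the seed corpus (constructed seeds, hypothetical).
    seen = set().union(*(run_with_coverage(target, s)[0] for s in corpus))
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        coverage, crash = run_with_coverage(target, candidate)
        if crash is not None:
            return candidate, corpus      # crashing input, kept for reproduction
        if not coverage <= seen:          # new line reached: feedback says keep it
            seen |= coverage
            corpus.append(candidate)
    return None, corpus

if __name__ == "__main__":
    print(fuzz(parse, [b"AAAA"]))
```

Because each mutant that passes one more check is added to the corpus, the loop reaches the defect one byte at a time instead of having to guess all three bytes at once; the returned input can be replayed through `run_with_coverage` to reproduce the failure during triage.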