fuzzing
Sign in to savethumb | right | American Fuzzy Lop (software)|American Fuzzy Lop's afl-fuzz running on a test program
Article
18 sectionsContents
- History
- Early random testing
- Types
- Reuse of existing input seeds
- Aware of input structure
- Aware of program structure
- Uses
- Exposing bugs
- Validating static analysis reports
- Browser security
- Toolchain
- Automated bug triage
- Automated input minimization
- List of popular fuzzers
- See also
- References
- Further reading
- External links
thumb | right | American Fuzzy Lop (software)|American Fuzzy Lop's afl-fuzz running on a test program
In programming and software development, fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs. This structure is specified, such as in a file format or protocol and distinguishes valid from invalid input. An effective fuzzer generates semi-valid inputs that are "valid enough" in that they are not directly rejected by the parser, but do create unexpected behaviors deeper in the program and are "invalid enough" to expose corner cases that have not been properly dealt with.