What is fuzzing?

Fuzzing is an automated brute-force software testing technique that stresses target software by injecting malformed, unexpected, or random data. Fuzzers can test file parsers, network protocols, and any other software that processes inputs.
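The loop described above, as an added example that is not part of the original page: a small mutation-based fuzzer that feeds malformed variants of one valid input to a parser and records any exception other than a clean rejection. The record format, `parse_records`, `SEED`, `mutate` and `fuzz` are all constructed for this illustration, and the parser contains one deliberate defect.

```python
import random
import struct

# Constructed toy parser (not from the page) with one deliberate defect.
# Format: repeated [type: 1 byte][length: 1 byte][value: length bytes].
def parse_records(data: bytes) -> list:
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated header")    # graceful rejection
        rtype, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if rtype == 0x01:                           # text record
            out.append(value.decode("latin-1"))
        elif rtype == 0x02:                         # 32-bit integer record
            # Defect: assumes the value is 4 bytes without checking.
            out.append(struct.unpack(">I", value)[0])
        else:
            raise ValueError("unknown record type")
        i += 2 + length
    return out

SEED = bytes([0x01, 3]) + b"abc" + bytes([0x02, 4]) + struct.pack(">I", 1337)

def mutate(sample: bytes, rng: random.Random) -> bytes:
    """Mutation step: overwrite, insert, or delete a few random bytes."""
    buf = bytearray(sample)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "insert", "delete"))
        pos = rng.randrange(len(buf)) if buf else 0
        if op == "flip" and buf:
            buf[pos] = rng.randrange(256)
        elif op == "insert":
            buf.insert(pos, rng.randrange(256))
        elif op == "delete" and buf:
            del buf[pos]
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 5000, rng_seed: int = 0) -> dict:
    """Run mutated inputs; keep one reproducer per unexpected exception type."""
    rng, crashes = random.Random(rng_seed), {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            pass                                    # expected: input rejected
        except Exception as exc:                    # unexpected: a finding
            crashes.setdefault(type(exc).__name__, case)
    return crashes
```

Calling `fuzz(parse_records, SEED)` returns a dictionary keyed by exception type name, each with a reproducer input; the fixed `rng_seed` makes a run repeatable so a finding can be replayed after the parser is fixed.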

There are three common types of fuzzers:

Types of bugs

Fuzzing can find a wide range of critical bugs that make software crash, including but not limited to:

With the right monitoring in place, fuzzing may also find:

Limitations of fuzzing

Fuzzing cannot prove that your software is free of all defects. Most software has a virtually infinite set of inputs, and fuzzing can only prove that certain defects in an infinite input space don't exist. You should consider fuzzing as a single, albeit vital, tool in a more complete toolbox of software validation and testing methodologies.