What is fuzz testing (fuzzing)?
D4 · Operations · CompTIA Security+ SY0-701

Fuzz testing (fuzzing) is an automated software testing technique that feeds large amounts of unexpected, invalid, random, or malformed input data into a program to discover bugs, crashes, and security vulnerabilities, particularly buffer overflows, input validation errors, and unexpected behavior.
Types: mutation-based fuzzing (mutates valid inputs), generation-based fuzzing (generates inputs from specs), coverage-guided fuzzing (AFL, libFuzzer; tracks code paths to maximize coverage).
Tools: AFL (American Fuzzy Lop), libFuzzer, Boofuzz, Peach Fuzzer.
Fuzzing finds vulnerabilities that manual code review misses, especially memory corruption bugs. Google's OSS-Fuzz has found thousands of vulnerabilities in open-source projects. On the exam, fuzzing is an active testing technique that discovers input-handling vulnerabilities. Combine with SAST/DAST for comprehensive security testing.