Glossary

Blackbox Fuzzing

Fuzzing that generates inputs with no visibility into the target program's code or execution state.

Blackbox fuzzing treats the target program as an opaque function: inputs go in, outputs (or crashes) come out, and the fuzzer has no information about code coverage, control flow, or internal state. Classic blackbox fuzzers — Peach, Boofuzz, and early radamsa-based scripts — generate inputs using only format specifications or random perturbation of sample files. Without coverage feedback, blackbox fuzzers struggle to penetrate deep code paths because there is no signal distinguishing an input that reached a new parser state from one that was rejected at the first byte. Blackbox fuzzing remains useful when instrumentation is impractical: fuzzing closed-source binaries without binary rewriting support, network protocols where responses are the only observable signal, or hardware targets where execution tracing is unavailable or prohibitively expensive.

Greybox Fuzzing

Fuzzing that uses partial runtime information — typically coverage feedback — without requiring full program analysis.

Whitebox Fuzzing

Fuzzing that uses full program analysis — typically symbolic or concolic execution — to generate inputs that satisfy specific constraints.

Generation-Based Fuzzing

A fuzzing approach that synthesizes inputs from scratch using a grammar or format specification.

Fuzz Testing

Automated software testing that generates many semi-random inputs to find crashes, hangs, and security vulnerabilities.

Mutation-Based Fuzzing

A fuzzing approach that generates new inputs by systematically modifying existing corpus entries.

Blackbox Fuzzing

Related