Fuzz Testing
Automated software testing that generates many semi-random inputs to find crashes, hangs, and security vulnerabilities.
Fuzz testing (or fuzzing) is an automated testing technique that feeds a program a large volume of generated inputs in search of crashes, hangs, and incorrect outputs. Modern fuzzers — AFL++, libFuzzer, Honggfuzz, Centipede — combine input mutation with execution-time feedback (typically branch-coverage instrumentation) to evolve inputs that progressively exercise new code paths. The technique scales: a corpus of crashes that would take a human auditor months to find can surface in hours of fuzzing. Fuzzing is most effective against parsers, codecs, protocol implementations, and any code that processes attacker-controllable byte strings. It is complementary to, not a replacement for, unit testing and static analysis.
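To make the "mutation plus coverage feedback" loop concrete, here is a minimal coverage-guided fuzzer, added as an illustration and not code from any of the fuzzers named above; it assumes a constructed target `parse_header` with a planted crash and a hypothetical two-token dictionary, and uses `sys.settrace` in place of compiled-in coverage instrumentation.

```python
import random, sys

# Constructed target (not a real library): an "FZ" header parser with a planted crash
# that is reachable only through a nested branch the fuzzer must discover first.
def parse_header(data: bytes) -> int:
    if len(data) < 4 or data[0:2] != b"FZ":
        return 0                                  # too short or bad magic
    if data[2] == 2:                              # version 2: entering here is new coverage
        if data[4:].startswith(b"BOOM"):
            raise ValueError("planted crash")     # the bug the fuzzer should find
    return 1
def run_with_coverage(target, data):
    """Run target(data) once; return (set of executed line numbers, crashed?)."""
    covered = set()                               # sys.settrace stands in for compiled-in
    def tracer(frame, event, arg):                # coverage instrumentation (AFL++, libFuzzer)
        if event == "line" and frame.f_code is target.__code__:
            covered.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)
    try:
        target(data)
        return covered, False
    except Exception:
        return covered, True
    finally:
        sys.settrace(None)
def mutate(data, rng):
    """One AFL-style mutation: bit flip, random byte insert, or dictionary-token overwrite."""
    buf, op = bytearray(data), rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    else:                                         # token dictionary, assumed supplied by the tester
        tok, pos = rng.choice([b"FZ", b"BOOM"]), rng.randrange(len(buf) + 1)
        buf[pos:pos + len(tok)] = tok
    return bytes(buf)
def fuzz(target, seeds, iterations, seed=0):
    """Coverage-guided loop: keep a child only if it crashed or executed a new line."""
    rng, corpus, crashes = random.Random(seed), list(seeds), []
    seen = set().union(*(run_with_coverage(target, s)[0] for s in seeds))
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), rng)
        cov, crashed = run_with_coverage(target, child)
        if crashed:
            crashes.append(child)
        elif not cov <= seen:                     # new coverage: keep it as a parent
            seen |= cov
            corpus.append(child)
    return corpus, crashes
```

Run `fuzz(parse_header, [b"FZ\x00\x04abcd"], 20000)`: the version byte is first flipped to 2 (new coverage, so that child becomes a parent), and only then does a `BOOM` overwrite on that parent reach the planted crash, which is the evolutionary step a purely random generator would almost never make.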