Mutation-Based Fuzzing
A fuzzing approach that generates new inputs by systematically modifying existing corpus entries.
Mutation-based fuzzing starts from a set of known-valid or interesting inputs (the corpus or seed corpus) and applies transformations — bit flips, byte substitutions, block splicing, arithmetic mutations — to produce new test cases. Most modern coverage-guided fuzzers are mutation-based: AFL++ and libFuzzer both evolve a corpus by mutating its members and retaining mutations that increase coverage. The quality of the mutation engine determines what territory the fuzzer can reach: a fuzzer with only bit-flip mutations will struggle with format magic numbers, while one with a dictionary of format-specific tokens can construct valid container structures faster. Mutation-based fuzzing assumes the starting corpus exercises at least some of the target's parsing logic; for targets with no available seed inputs, generation-based fuzzing or a hybrid approach may be preferable.
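To make the operators named above concrete, the following is a small coverage-guided fuzz loop that implements bit flips, byte substitutions, arithmetic mutations, block splicing and dictionary-token insertion. It is an added example, not code from AFL++ or libFuzzer; the toy target parser, the branch ids it reports (standing in for instrumented edge coverage) and the token dictionary are all constructed for the demonstration. Running it with only the bit-flip operator reproduces the magic-number problem: the corpus never gets past the "bad_magic" branch, while adding the dictionary operator lets the loop construct a valid header and keep going.

```python
import random
import struct

# Constructed token dictionary for the toy container format parsed by target() below.
DICTIONARY = [b"FUZZ", b"\x7f"]


def target(data: bytes) -> frozenset:
    """Toy parser: magic "FUZZ", 16-bit little-endian payload length, payload.

    Returns the set of branch ids it executed; a real fuzzer collects this
    kind of information from compile-time instrumentation instead."""
    reached = {"entry"}
    if len(data) < 6:
        reached.add("short")
        return frozenset(reached)
    if data[:4] != b"FUZZ":
        reached.add("bad_magic")
        return frozenset(reached)
    reached.add("magic_ok")
    length = struct.unpack_from("<H", data, 4)[0]
    payload = data[6:]
    if length != len(payload):
        reached.add("len_mismatch")
        return frozenset(reached)
    reached.add("len_ok")
    if payload and payload[0] == 0x7F:
        reached.add("flag_byte")
    return frozenset(reached)


# Every mutator has the signature (data, rng, corpus) -> bytes.
def bit_flip(data, rng, corpus):
    """Flip one random bit."""
    if not data:
        return data
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


def byte_substitute(data, rng, corpus):
    """Overwrite one byte with a random value."""
    if not data:
        return data
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def arithmetic(data, rng, corpus):
    """Add a small signed delta to one byte or one 16-bit LE word (AFL-style arith)."""
    if len(data) < 2:
        return data
    buf = bytearray(data)
    delta = rng.randint(-35, 35)
    if rng.random() < 0.5:
        i = rng.randrange(len(buf))
        buf[i] = (buf[i] + delta) & 0xFF
    else:
        i = rng.randrange(len(buf) - 1)
        word = (struct.unpack_from("<H", buf, i)[0] + delta) & 0xFFFF
        struct.pack_into("<H", buf, i, word)
    return bytes(buf)


def block_splice(data, rng, corpus):
    """Replace a block of data with a block cut from another corpus entry."""
    other = rng.choice(corpus)
    a = rng.randrange(len(data) + 1)
    b = rng.randrange(a, len(data) + 1)
    c = rng.randrange(len(other) + 1)
    d = rng.randrange(c, len(other) + 1)
    return data[:a] + other[c:d] + data[b:]


def dictionary_insert(data, rng, corpus):
    """Insert a format-specific token at a random offset."""
    i = rng.randrange(len(data) + 1)
    return data[:i] + rng.choice(DICTIONARY) + data[i:]


MUTATORS = {
    "bit_flip": bit_flip,
    "byte_substitute": byte_substitute,
    "arithmetic": arithmetic,
    "block_splice": block_splice,
    "dictionary_insert": dictionary_insert,
}


def run_campaign(mutator_names, iterations, seeds=(b"\x00" * 8,), seed=1):
    """Mutate corpus members and keep only children that reach a new branch."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    mutators = [MUTATORS[name] for name in mutator_names]
    corpus = list(seeds)
    coverage = set()
    for entry in corpus:
        coverage |= target(entry)
    for _ in range(iterations):
        parent = rng.choice(corpus)
        child = rng.choice(mutators)(parent, rng, corpus)
        reached = target(child)
        if not reached <= coverage:  # new coverage: the child joins the corpus
            coverage |= reached
            corpus.append(child)
    return corpus, coverage


if __name__ == "__main__":
    for names in (["bit_flip"], list(MUTATORS)):
        corpus, coverage = run_campaign(names, 100000)
        print(f"{names}: {len(corpus)} corpus entries, coverage={sorted(coverage)}")
```

The loop applies one operator per test case to keep the example readable; AFL++ and libFuzzer stack several mutations per child in their havoc stages and also run deterministic passes (walking bit flips, interesting-value substitutions) before the random ones, which is why a real campaign can sometimes recover a short magic value even without a dictionary.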