Glossary

Whitebox Fuzzing

Fuzzing that uses full program analysis — typically symbolic or concolic execution — to generate inputs that satisfy specific constraints.

Whitebox fuzzing (also called smart fuzzing or SAGE-style fuzzing) uses complete program analysis — symbolic execution, concolic execution, or model checking — to systematically generate inputs that satisfy branch constraints deep in the program. A concolic engine runs the program on a concrete input while simultaneously tracking symbolic path constraints; it then negates individual constraints to produce inputs that take alternative branches. This allows whitebox fuzzers to solve multi-byte magic values, checksums, and complex conditional logic that stop greybox fuzzers. The cost is scalability: symbolic execution suffers from state explosion and requires significant compute per input. In practice, whitebox techniques are often combined with greybox fuzzing — using symbolic execution to break through blocking constraints and then handing solved inputs back to a coverage-guided corpus.
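The concolic loop described above, as an added example that is not part of this glossary entry: a toy engine runs a constructed five-byte parser concretely, records every byte comparison as a path constraint, negates the constraints one at a time, and uses a one-line solver (byte-equality only, standing in for the SMT solver a real engine would call) to produce the next generation of inputs. `SymInput`, `target`, `negate_and_solve`, `whitebox_fuzz` and the magic value `FUZZ` are all constructed for the illustration.

```python
# Added example: a toy concolic (whitebox) fuzzer. Constructed, not the page's own code.
from collections import deque

class SymInput:
    """Wraps a concrete input; every byte comparison runs concretely but is also
    recorded as a path constraint (index, value, branch_taken)."""
    def __init__(self, data):
        self.data, self.constraints = data, []
    def eq(self, i, value):
        taken = self.data[i] == value
        self.constraints.append((i, value, taken))
        return taken

def target(inp):
    """Constructed parser: expects the 4-byte magic 'FUZZ' followed by a version byte 0x2a.
    Returns how many checks passed; 5 means the guarded code region was reached."""
    magic = b"FUZZ" + bytes([0x2a])
    for stage, want in enumerate(magic):
        if not inp.eq(stage, want):
            return stage
    return len(magic)

def negate_and_solve(data, constraint):
    """Mini solver for this constraint language: a negated byte-equality is satisfied by
    setting that byte to the compared value (or moving it away from it). A real engine
    hands the negated path condition to an SMT solver instead."""
    i, value, taken = constraint
    new = bytearray(data)
    new[i] = (value + 1) & 0xff if taken else value
    return bytes(new)

def whitebox_fuzz(seed, budget=200):
    """SAGE-style generational search: run each queued input concretely, collect its
    path constraints, negate each one, and queue every new input the solver produces.
    Returns (deepest stage reached, the input that reached it, executions used)."""
    queue, seen = deque([seed]), {seed}
    best_stage, best_input, executions = -1, seed, 0
    while queue and executions < budget:
        data = queue.popleft()
        inp = SymInput(data)
        stage = target(inp)
        executions += 1
        if stage > best_stage:
            best_stage, best_input = stage, data
        for c in inp.constraints:
            child = negate_and_solve(data, c)
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return best_stage, best_input, executions

if __name__ == "__main__":
    print(whitebox_fuzz(b"\x00" * 5))  # reaches stage 5 with b"FUZZ*" in a few dozen runs
```

A blind byte-flipping mutator has roughly a 2^-32 chance per attempt of producing the four magic bytes; the constraint-negation loop reaches them in well under a hundred executions because each run yields exactly the byte the next check wants.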