What is fuzzing?
Fuzzing is an automated software testing technique that stresses target software by feeding it malformed, unexpected, or random inputs and watching for misbehaviour such as crashes, hangs, or sanitizer reports. Fuzzers can test file parsers, network protocols, and any other software that processes input.
There are three common types of fuzzers:
- Pure random (aka "dumb") - These fuzzers know nothing about the format or protocol under test. They generate arbitrary data, so most of it is rejected by the first header or magic-number check and never reaches the interesting code.
- Template (aka "mutational") - These fuzzers mutate a set of valid inputs such as test files or recorded packet captures. Because the seeds are already valid, a large fraction of the mutated inputs get past the initial checks.
- Generational (aka "smart") - These fuzzers understand the protocol under test. They produce a large number of valid and invalid inputs from a model of the format, for example by filling every length or count field with boundary values. Aegis is this type of fuzzer.
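The following is an added example, not code from the original page or from Aegis: it pits all three fuzzer types against one constructed, deliberately buggy parser so the difference in how often each one gets past the header check and how quickly each one finds the bug can be observed. The record format (`AG` magic, version, count, then tag/length/value entries), the 16-byte name buffer, the mutation operators and the list of interesting lengths are all assumptions made for this demo.

```python
"""Three toy fuzzers (random, mutational, generational) against one buggy parser."""
import random

# --- Target under test: a constructed record format used only for this demo.
# Layout: b"AG", version (must be 1), entry count, then entries of
# tag (1 byte), length (1 byte), value (length bytes).
# Entries tagged TAG_NAME are copied into a fixed 16-byte buffer without a
# bounds check: the Python stand-in for a stack buffer overflow.
MAGIC = b"AG"
TAG_NAME = 0x01
NAME_BUF_SIZE = 16


class ParseError(Exception):
    """Graceful rejection: the expected outcome for malformed input."""


def parse_record(data: bytes) -> list:
    if len(data) < 4 or data[:2] != MAGIC or data[2] != 1:
        raise ParseError("bad header")
    count, off, entries = data[3], 4, []
    for _ in range(count):
        if off + 2 > len(data):
            raise ParseError("truncated entry header")
        tag, length = data[off], data[off + 1]
        off += 2
        if off + length > len(data):
            raise ParseError("truncated value")
        value = data[off:off + length]
        off += length
        if tag == TAG_NAME:
            name_buf = bytearray(NAME_BUF_SIZE)
            for i in range(length):          # BUG: length is never checked against 16
                name_buf[i] = value[i]       # IndexError here stands in for the overflow
            value = bytes(name_buf)
        entries.append((tag, value))
    return entries


def run_one(data: bytes) -> str:
    """Classify one input: "ok", "bad header", "rejected" (other ParseError), or "crash"."""
    try:
        parse_record(data)
        return "ok"
    except ParseError as exc:
        return "bad header" if str(exc) == "bad header" else "rejected"
    except Exception:          # anything the parser did not anticipate is a finding
        return "crash"


# --- Pure random ("dumb"): no knowledge of the format at all.
def random_inputs(rng: random.Random):
    while True:
        yield bytes(rng.randrange(256) for _ in range(rng.randrange(1, 64)))


# --- Template ("mutational"): start from one valid record and perturb it.
SEED = (MAGIC + bytes([1, 2])
        + bytes([TAG_NAME, 8]) + b"fuzzing!"
        + bytes([0x02, 32]) + bytes(range(32)))   # constructed valid record


def mutational_inputs(rng: random.Random, seed: bytes = SEED):
    while True:
        buf = bytearray(seed)
        for _ in range(rng.randrange(1, 4)):     # stack 1..3 mutations per input
            op, pos = rng.randrange(4), rng.randrange(len(buf))
            if op == 0:                          # overwrite a byte
                buf[pos] = rng.randrange(256)
            elif op == 1:                        # flip a bit
                buf[pos] ^= 1 << rng.randrange(8)
            elif op == 2:                        # insert a random chunk
                buf[pos:pos] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 33)))
            elif len(buf) > 8:                   # delete a short chunk, never emptying buf
                del buf[pos:pos + rng.randrange(1, 9)]
        yield bytes(buf)


# --- Generational ("smart"): build records from the format model, choosing
# boundary values for every length field (always well-formed, sometimes absurd).
INTERESTING_LENGTHS = [0, 1, 15, 16, 17, 32, 127, 255]


def generational_inputs(rng: random.Random):
    while True:
        count = rng.randrange(0, 4)
        body = b""
        for _ in range(count):
            tag = rng.choice([TAG_NAME, 0x02, 0xFF])
            length = rng.choice(INTERESTING_LENGTHS)
            body += bytes([tag, length]) + bytes(rng.randrange(256) for _ in range(length))
        yield MAGIC + bytes([1, count]) + body


def fuzz(inputs, budget: int) -> dict:
    """Run up to `budget` inputs; stop at the first crash and report what happened."""
    stats = {"inputs": 0, "past_header": 0, "crash": None, "crash_at": None}
    for i, data in enumerate(inputs, 1):
        if i > budget:
            break
        stats["inputs"] = i
        outcome = run_one(data)
        if outcome != "bad header":
            stats["past_header"] += 1
        if outcome == "crash":
            stats["crash"], stats["crash_at"] = data, i
            break
    return stats


def compare(budget: int = 5000, seed: int = 1) -> dict:
    return {
        "random": fuzz(random_inputs(random.Random(seed)), budget),
        "mutational": fuzz(mutational_inputs(random.Random(seed)), budget),
        "generational": fuzz(generational_inputs(random.Random(seed)), budget),
    }


if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:>12}: {stats['past_header']}/{stats['inputs']} past header, "
              f"crash at iteration {stats['crash_at']}")
```

Run it and the random fuzzer almost never passes the 3-byte header check, so it never exercises the entry parser; the mutational fuzzer passes it on most inputs and eventually stumbles on a name entry longer than 16 bytes; the generational fuzzer, which deliberately emits boundary lengths such as 17 and 255, finds the same bug within its first few dozen inputs. The harness treats a `ParseError` as the parser working as designed and anything else as a finding, which is the same distinction a real fuzzer makes between a rejected input and a crash.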
Types of bugs
Fuzzing can find a wide range of critical bugs that make software crash or hang, including but not limited to:
- memory corruption, e.g. buffer overflows
- integer overflows
- infinite loops
With the right monitoring in place (a debugger or sanitizer attached to the target, resource-usage tracking, or checks on the target's responses), fuzzing may also find:
- subtle memory corruptions that do not immediately crash the target
- resource leaks (memory, file descriptors, sockets)
- information disclosure bugs, e.g. responses that echo back uninitialised or out-of-bounds memory
Limitations of fuzzing
Fuzzing cannot prove that your software is free of defects. Most software accepts a virtually infinite set of inputs, and a fuzzing run only shows that the inputs it actually tried did not trigger a defect the monitoring could detect; it says nothing about the inputs it did not try. You should consider fuzzing a single, albeit vital, tool in a more complete toolbox of software validation and testing methodologies.