What is fuzzing?

Fuzzing is an automated brute-force software testing technique that stresses target software by injecting malformed, unexpected, or random data. Fuzzers can test file parsers, network protocols, and any other software that processes inputs.

There are three common types of fuzzers:

  • Pure random (aka "dumb") - These fuzzers know nothing about the protocol under test and simply feed the target random bytes.
  • Template (aka "mutational") - These fuzzers mutate a set of valid inputs such as test files or recorded packet captures.
  • Generational (aka "smart") - These fuzzers understand the protocol under test. They produce a large number of valid and invalid inputs based on a model. Aegis is this type of fuzzer.
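The three strategies differ in how quickly they reach interesting inputs. The following example, added here and not part of Aegis or its documentation, runs all three against a small constructed frame parser (MAGIC | type | length | payload | xor-checksum) with a planted length-check bug, and reports which strategy finds the crash first. The frame format, the parser, the seed corpus and the mutation operators are all assumptions made for the demonstration.

```python
"""Random, mutational and generational fuzzing against a constructed toy parser.
Added example; the frame format and the planted bug are constructed for it."""
import random
from typing import Callable, Optional, Tuple

MAGIC = 0xAA
MAX_PAYLOAD = 32  # size of the parser's fixed scratch buffer (constructed)


def parse_message(data: bytes) -> dict:
    """Decode one frame. Truncation is checked, but the length field is never
    compared against the scratch buffer: a deliberately planted overflow."""
    if len(data) < 4 or data[0] != MAGIC:
        raise ValueError("bad magic or short frame")
    msg_type, length = data[1], data[2]
    if len(data) < 3 + length + 1:
        raise ValueError("truncated payload")
    scratch = bytearray(MAX_PAYLOAD)
    for i in range(length):           # IndexError here models the buffer overflow
        scratch[i] = data[3 + i]
    checksum = 0
    for b in scratch[:length]:
        checksum ^= b
    if checksum != data[3 + length]:
        raise ValueError("checksum mismatch")
    return {"type": msg_type, "payload": bytes(scratch[:length])}


def build_message(msg_type: int, payload: bytes) -> bytes:
    """Encode a well-formed frame; this is the model the smart fuzzer relies on."""
    checksum = 0
    for b in payload:
        checksum ^= b
    return bytes([MAGIC, msg_type, len(payload)]) + payload + bytes([checksum])


def random_input(rng: random.Random) -> bytes:
    """Dumb fuzzer: random bytes, no knowledge of the format."""
    return bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 80)))


# Seed corpus for the mutational fuzzer: a few valid frames, including a
# maximum-size one so that a small mutation can push it past the limit.
SEEDS = [build_message(1, b"hello"),
         build_message(2, b"\x00" * MAX_PAYLOAD),
         build_message(3, b"")]


def mutated_input(rng: random.Random) -> bytes:
    """Template fuzzer: flip, insert or delete a few bytes of a valid seed."""
    buf = bytearray(rng.choice(SEEDS))
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.getrandbits(8)
        elif op == 1:
            buf.insert(rng.randrange(len(buf) + 1), rng.getrandbits(8))
        elif op == 2 and buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def generated_input(rng: random.Random) -> bytes:
    """Smart fuzzer: builds frames from the model and deliberately picks
    boundary values for the length field part of the time."""
    if rng.random() < 0.25:
        length = rng.choice([MAX_PAYLOAD, MAX_PAYLOAD + 1, 255])
    else:
        length = rng.randint(0, MAX_PAYLOAD - 1)
    payload = bytes(rng.getrandbits(8) for _ in range(length))
    return build_message(rng.randint(0, 255), payload)


def run_target(data: bytes) -> Optional[str]:
    """Execute the parser once; return a crash description, or None.
    ValueError is the parser's clean rejection path and is not a bug."""
    try:
        parse_message(data)
    except ValueError:
        return None
    except Exception as exc:
        return f"{type(exc).__name__}: {exc}"
    return None


def fuzz(generator: Callable[[random.Random], bytes], iterations: int,
         seed: int = 1) -> Optional[Tuple[int, bytes, str]]:
    """Return (iteration, input, description) of the first crash, or None."""
    rng = random.Random(seed)
    for i in range(1, iterations + 1):
        data = generator(rng)
        crash = run_target(data)
        if crash is not None:
            return (i, data, crash)
    return None


if __name__ == "__main__":
    for name, gen in [("random", random_input), ("mutational", mutated_input),
                      ("generational", generated_input)]:
        result = fuzz(gen, 2000)
        if result:
            print(f"{name:13s}: crash after {result[0]} inputs ({result[2]})")
        else:
            print(f"{name:13s}: no crash in 2000 inputs")
```

The generational fuzzer finds the oversized-length frame almost immediately because its model knows where the length field is and which values sit on the boundary; the mutational fuzzer needs both a byte flip on the length field and an insertion to avoid the truncation check, and the random fuzzer additionally has to guess the magic byte.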

Types of bugs

Fuzzing can find a wide range of critical bugs that make software crash, including but not limited to:

  • memory corruption, e.g. buffer overflows
  • integer overflows
  • infinite loops

With the right monitoring in place, fuzzing may also find:

  • subtle memory corruptions
  • resource leaks
  • information disclosure bugs
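A plain crash harness only notices exceptions or signals; the bugs in the second list need extra instrumentation around each run. The following example, added here and not taken from Aegis, wraps a constructed toy record loader with three monitors: canary bytes around its working buffer (silent memory corruption), a simulated handle table (resource leaks) and a check for secret bytes in the output (information disclosure). The memory layout, the loader and its planted defects are all assumptions made for the demonstration.

```python
"""Fuzz harness with monitoring beyond crash detection. Added example; the
target, its memory layout and its defects are constructed for it."""
import random
from collections import Counter
from typing import List

# Constructed memory layout: canary | record region | canary | secret
CANARY = b"\xde\xad\xbe\xef" * 2          # 8 bytes at [0:8] and [40:48]
REGION_START, REGION_SIZE = 8, 32         # record region at [8:40]
SECRET = b"SESSION-KEY-0001"              # 16 bytes at [48:64]
MEM_SIZE = 64


class HandleTable:
    """Simulated OS handle table so the harness can count what was left open."""
    def __init__(self) -> None:
        self._open = set()
        self._next = 1

    def open(self) -> int:
        h = self._next
        self._next += 1
        self._open.add(h)
        return h

    def close(self, h: int) -> None:
        self._open.discard(h)

    def open_count(self) -> int:
        return len(self._open)


def fresh_memory() -> bytearray:
    mem = bytearray(MEM_SIZE)
    mem[0:8] = CANARY
    mem[40:48] = CANARY
    mem[48:64] = SECRET
    return mem


def load_record(data: bytes, mem: bytearray, handles: HandleTable) -> bytes:
    """Constructed target: first byte is a length, the rest is the payload.
    Planted defects: the early return leaks a handle; the copy never checks
    the length against REGION_SIZE; the echo trusts the length field."""
    h = handles.open()
    if len(data) < 1:
        return b""                                    # forgot handles.close(h)
    length = data[0]
    payload = data[1:1 + length]
    for i, b in enumerate(payload):                   # may clobber the canary,
        mem[REGION_START + i] = b                     # or raise IndexError past MEM_SIZE
    out = bytes(mem[REGION_START:REGION_START + length])  # over-read into SECRET
    handles.close(h)
    return out


def run_monitored(data: bytes) -> List[str]:
    """Run the target once on fresh state and return every finding, not just crashes."""
    mem, handles, findings, out = fresh_memory(), HandleTable(), [], b""
    try:
        out = load_record(data, mem, handles)
    except Exception as exc:
        findings.append(f"crash: {type(exc).__name__}")
    if mem[0:8] != CANARY or mem[40:48] != CANARY:
        findings.append("memory corruption: canary overwritten")
    if handles.open_count() != 0:
        findings.append(f"resource leak: {handles.open_count()} handle(s) left open")
    if SECRET in out:
        findings.append("information disclosure: secret bytes in output")
    return findings


def fuzz_with_monitoring(iterations: int, seed: int = 1) -> Counter:
    """Random inputs with a random length byte; tally findings by category."""
    rng = random.Random(seed)
    tally: Counter = Counter()
    for _ in range(iterations):
        data = bytes([rng.getrandbits(8)]) + bytes(
            rng.getrandbits(8) for _ in range(rng.randint(0, 80)))
        tally.update(run_monitored(data))
    return tally


if __name__ == "__main__":
    for category, count in fuzz_with_monitoring(500).most_common():
        print(f"{count:4d}  {category}")
```

Note that the oversized record both corrupts the canary and leaks a handle before it crashes, so a crash-only harness would report one bug where there are three; the truncated record with a large length field leaks the secret without corrupting anything or crashing at all.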

Limitations of fuzzing

Fuzzing cannot prove that your software is free of all defects. Most software has a virtually infinite set of inputs, and a fuzzer can only show that the finite set of inputs it actually tried does not trigger a defect; it cannot rule out defects elsewhere in that infinite input space. You should consider fuzzing a single, albeit vital, tool in a more complete toolbox of software validation and testing methodologies.