Application Security
Fuzz Testing
Also known as: Fuzzing
Definition
An automated testing technique that feeds a program large volumes of malformed, random or unexpected input and monitors it for crashes, hangs, memory-safety errors (usually surfaced by a sanitizer such as AddressSanitizer) and other security-relevant failures.
Examples
- OSS-Fuzz continuously running libFuzzer targets against OpenSSL's parsers (for example its ASN.1 and X.509 decoders) under AddressSanitizer to find memory-corruption bugs.
- Jazzer fuzzing a Java JSON parser to find denial of service from deeply nested input (for example a StackOverflowError caused by unbounded recursion).
Related terms
Mutation Fuzzing
A fuzz testing strategy that derives new test inputs by randomly mutating existing valid samples, such as flipping bits, inserting or deleting bytes or splicing files, as opposed to generation-based fuzzing, which builds inputs from a grammar or model of the format; because mutants stay close to their seeds, the quality of the seed corpus largely determines what the fuzzer can reach.
Coverage-Guided Fuzzing
A fuzzing technique that instruments the target (at compile time, or via dynamic binary instrumentation when no source is available) to record which branches or edges each input exercises, and keeps an input as a new seed only when it reaches code not seen before, so the search becomes incremental; AFL++ and libFuzzer work this way, and it is dramatically more effective than blind random input at reaching deep program states.
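The following is an added example, not code from the original page or from any of the fuzzers it names: a toy coverage-guided mutation fuzzer in Python that ties together the definition above, the edit strategies under Mutation Fuzzing and the feedback loop under Coverage-Guided Fuzzing. The target `parse_record`, its `b"FZ"` record format and the seed input are all constructed for this illustration; coverage comes from `sys.settrace` line events coarsened into AFL-style hit-count buckets, standing in for the compiler instrumentation a real fuzzer uses, and the bug it finds is the Python analogue of the unchecked copy described under Buffer Overflow below (an `IndexError` here, silent memory corruption in C).

```python
import random
import sys
from collections import Counter


def parse_record(data: bytes) -> int:
    """Constructed toy target: b"FZ" magic, one version byte, then the payload.

    Versions >= 2 copy the payload into a fixed 16-byte scratch buffer with no
    bounds check: the Python analogue of a C buffer overflow (IndexError here,
    silent memory corruption in C).
    """
    if len(data) < 3 or data[:2] != b"FZ":
        raise ValueError("bad magic")  # expected rejection of bad input, not a bug
    version = data[2]
    payload = data[3:]
    if version >= 2:
        scratch = bytearray(16)
        for i, b in enumerate(payload):
            scratch[i] = b  # BUG: nothing checks that len(payload) <= 16
        return sum(scratch)
    return sum(payload)


def hit_bucket(n: int) -> int:
    """Coarsen a hit count into AFL-style buckets (1, 2, 3, 4-7, 8-15, 16-31,
    32-127, 128+) so only large changes in a loop's trip count register as
    new coverage, instead of every extra iteration."""
    if n <= 3:
        return n
    if n < 8:
        return 4
    if n < 16:
        return 8
    if n < 32:
        return 16
    if n < 128:
        return 32
    return 128


def run_with_coverage(target, data: bytes):
    """Run target(data) under a line tracer; return (outcome, coverage).

    coverage is the set of (line, bucket) pairs hit inside target's own code.
    ValueError is the target's documented rejection of malformed input and
    counts as "ok"; any other exception is a crash, the role a sanitizer plays
    for native targets.
    """
    code = target.__code__
    hits = Counter()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # do not trace helpers or library frames
        if event == "line":
            hits[frame.f_lineno] += 1
        return tracer

    sys.settrace(tracer)
    try:
        target(data)
        outcome = "ok"
    except ValueError:
        outcome = "ok"
    except Exception:
        outcome = "crash"
    finally:
        sys.settrace(None)
    return outcome, {(line, hit_bucket(n)) for line, n in hits.items()}


def mutate(data: bytes, corpus, rng: random.Random) -> bytes:
    """Mutation fuzzing: derive a new input by stacking 1-3 random edits
    (bit flip, byte overwrite, insert, delete, splice with a corpus entry)."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(5)
        if op == 0 and buf:                      # flip one bit
            pos = rng.randrange(len(buf))
            buf[pos] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:                    # overwrite one byte
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 2:                            # insert a random byte
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif op == 3 and len(buf) > 1:           # delete one byte
            del buf[rng.randrange(len(buf))]
        elif op == 4:                            # splice: our prefix + another entry's suffix
            other = rng.choice(corpus)
            buf = buf[: rng.randint(0, len(buf))] + other[rng.randint(0, len(other)):]
    return bytes(buf)


def fuzz(target, seeds, iterations=20000, rng_seed=1):
    """Coverage-guided loop: mutate a corpus entry, run it, and keep the mutant
    as a new seed only if it reaches a (line, bucket) pair never seen before.
    Stops at the first crash and reports how long it took."""
    rng = random.Random(rng_seed)
    corpus = list(seeds)
    seen = set()
    for s in corpus:
        seen |= run_with_coverage(target, s)[1]
    for i in range(1, iterations + 1):
        candidate = mutate(rng.choice(corpus), corpus, rng)
        outcome, cov = run_with_coverage(target, candidate)
        if outcome == "crash":
            return {"crash": candidate, "iterations": i, "corpus_size": len(corpus)}
        if cov - seen:  # the guidance step: new coverage earns a place in the corpus
            seen |= cov
            corpus.append(candidate)
    return {"crash": None, "iterations": iterations, "corpus_size": len(corpus)}


if __name__ == "__main__":
    # Constructed seed: a well-formed version-1 record with a 3-byte payload.
    print(fuzz(parse_record, [b"FZ\x01abc"]))
```

Running it reports the crashing record, the iteration count and the corpus size at that point. Without the feedback step every mutant would have to flip the version byte and grow the payload past 16 bytes in a single round of stacked edits, because intermediate inputs are never kept; with it, the version flip, then each jump to a larger loop-count bucket, is saved as a new seed and the search becomes incremental. Treating `ValueError` as a handled outcome matters in practice too: a harness that counts every expected rejection as a finding drowns the real crashes.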
Symbolic Execution
A program analysis technique that executes code with symbolic inputs rather than concrete values, building path constraints that an SMT solver solves to produce inputs reaching each path; it suffers from path explosion on large programs, so it is often combined with fuzzing (concolic execution) to get past checks that random mutation rarely satisfies, such as magic values and checksums.
DAST (Dynamic Application Security Testing)
Black-box security testing that probes a running application over the network to find vulnerabilities visible only at runtime, such as injection, authentication flaws and misconfigurations.
Buffer Overflow
A memory-safety flaw where a program writes past the end of an allocated buffer, corrupting adjacent memory and often enabling arbitrary code execution; fuzzing a native target under AddressSanitizer is a standard way to find such bugs before they are exploited.
Secure Coding
The practice of writing software that resists attack by construction: validating all untrusted input, avoiding memory-unsafe operations, using well-tested libraries and safe APIs, and following established guidelines such as the CERT and OWASP secure coding standards.