Application Security
Mutation Fuzzing
Also known as: Mutational fuzzing, Sample-based fuzzing
Definition
A fuzz testing strategy that derives new test inputs by applying random mutations (bit flips, byte insertions or deletions, splicing blocks of one file into another) to existing valid samples, the seed corpus, rather than generating inputs from a grammar or format specification. Because every candidate starts from a valid sample, most mutants pass the target's early parsing and reach deeper code, which is why the quality and diversity of the seed corpus largely determine what the fuzzer can find.
Examples
- AFL++ mutating a seed corpus of valid PNG files to surface heap buffer overflows in libpng (in practice the target is built with AddressSanitizer, since an out-of-bounds read often does not crash on its own).
- libFuzzer mutating valid HTTP requests to crash a custom HTTP parser.
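The mutation operators named in the definition (bit flip, byte insert and delete, splice) and the corpus-evolution loop described under Coverage-Guided Fuzzing in the related terms, as an added Python example; it is not code from AFL++, libFuzzer or the original page. It uses sys.settrace as a stand-in for edge instrumentation and runs against a constructed toy record parser whose unchecked length field is a deliberate, illustrative bug; parse_records, SEEDS and the mutation probabilities are assumptions made for the example.

```python
import random
import sys
from typing import Dict, List, Optional, Set, Tuple

def flip_bit(data: bytes, rng: random.Random) -> bytes:
    if not data:
        return data
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)  # one random bit
    return bytes(buf)

def insert_byte(data: bytes, rng: random.Random) -> bytes:
    buf = bytearray(data)
    buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))  # grows input
    return bytes(buf)

def delete_byte(data: bytes, rng: random.Random) -> bytes:
    if not data:
        return data
    buf = bytearray(data)
    del buf[rng.randrange(len(buf))]  # shrinks input
    return bytes(buf)

def splice(a: bytes, b: bytes, rng: random.Random) -> bytes:
    if not a or not b:
        return a + b
    return a[:rng.randrange(1, len(a) + 1)] + b[rng.randrange(len(b)):]  # prefix of a + suffix of b

MUTATORS = (flip_bit, insert_byte, delete_byte)

def mutate(parent: bytes, corpus: List[bytes], rng: random.Random) -> bytes:
    """Stack one to four operators; one step in five splices in a corpus entry."""
    child = parent
    for _ in range(rng.randint(1, 4)):
        if rng.random() < 0.2:
            child = splice(child, rng.choice(corpus), rng)
        else:
            child = rng.choice(MUTATORS)(child, rng)
    return child

# Coverage feedback via sys.settrace, standing in for AFL++/libFuzzer edge
# instrumentation: which source lines of the target ran, and whether it raised.
def run_with_coverage(target, data: bytes) -> Tuple[Set[int], Optional[Exception]]:
    lines: Set[int] = set()
    code = target.__code__
    def tracer(frame, event, arg):
        if frame.f_code is not code:  # ignore every frame except the target's
            return None
        if event == "line":
            lines.add(frame.f_lineno)
        return tracer
    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        target(data)
        return lines, None
    except Exception as exc:  # any uncaught exception counts as a crash
        return lines, exc
    finally:
        sys.settrace(previous)

def fuzz(target, seeds: List[bytes], iterations: int = 2000, rng_seed: int = 1):
    """Coverage-guided mutation loop. Returns (corpus, crashes): the seeds plus
    every mutant that reached a new line, and one crashing input per exception type."""
    rng = random.Random(rng_seed)
    corpus = list(seeds)
    seen: Set[int] = set()
    crashes: Dict[str, bytes] = {}
    for sample in seeds:  # baseline: what the seed corpus already covers
        seen |= run_with_coverage(target, sample)[0]
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), corpus, rng)
        lines, error = run_with_coverage(target, child)
        if error is not None:
            crashes.setdefault(type(error).__name__, child)
        elif not lines <= seen:  # new coverage: keep the mutant as a seed
            seen |= lines
            corpus.append(child)
    return corpus, crashes

# Constructed toy target (not real code): 1-byte-length-prefixed records, a zero
# length ending the stream. Deliberate bug: the length is trusted, so an oversized
# one makes buf[pos + length] raise IndexError (the Python analogue of a C out-of-bounds read).
def parse_records(buf: bytes) -> int:
    pos, count = 0, 0
    while pos < len(buf):
        length = buf[pos]
        if length == 0:  # terminator; no seed contains one, so only mutants get here
            break
        buf[pos + length]  # touch the last payload byte without a bounds check
        pos += 1 + length
        count += 1
    return count

SEEDS = [b"\x03abc\x02de", b"\x01x\x04wxyz"]  # constructed valid samples

if __name__ == "__main__":
    corpus, crashes = fuzz(parse_records, SEEDS)
    print(f"corpus grew from {len(SEEDS)} to {len(corpus)}; crashes: {crashes}")
```

Two things to watch when reading the output: crashing inputs are recorded but never fed back into the corpus, as AFL++ does, because a crash is a result rather than a seed; and the inputs that do join the corpus are exactly those that reached the terminator branch the seeds never exercised, which is the coverage-guided part of the loop. Swap parse_records for a wrapper around a real parser and the same loop applies, though real targets need edge coverage from compiler instrumentation rather than line tracing.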
Related terms
Fuzz Testing
An automated testing technique that feeds a program large amounts of malformed, random or unexpected input to uncover crashes, memory corruption and security vulnerabilities.
Coverage-Guided Fuzzing
A fuzzing technique that instruments the target to measure code coverage and keeps any input that reaches previously unseen code as a new seed for further mutation, so the corpus evolves toward deeper program paths; this finds bugs far more efficiently than blind random mutation of the original samples.
Symbolic Execution
A program analysis technique that executes code with symbolic inputs rather than concrete values, building path constraints solved by an SMT solver to find bugs.
Buffer Overflow
A memory-safety flaw where a program writes past the end of an allocated buffer, corrupting adjacent memory and often enabling code execution.
Use-After-Free
A memory-safety bug where a program continues to use memory after it has been freed, often allowing attackers to control object state and hijack execution.
Secure Coding