What is Fuzz Testing?
Fuzz Testing (or Fuzzing) is an automated software testing technique that bombards systems with invalid, random, or malformed inputs to uncover crashes, vulnerabilities, or unexpected behavior.
Features of Fuzzing
| Aspect | Description |
| --- | --- |
| Goal | Find security flaws, crashes, memory leaks, or edge-case failures |
| Input Generation | Random/malformed data (strings, binaries, adversarial prompts) |
| Scope | APIs, network protocols, file parsers, or AI/LLM inputs |
How It Works
| Step | Action | Example |
| --- | --- | --- |
| 1. Input Generation | Create randomized inputs | Send “%%%%%” to a login field |
| 2. Execution | Feed inputs to target system | Test a PDF reader with corrupt files |
| 3. Monitoring | Detect crashes/hangs | Log memory overflow errors |
Types of Fuzz Testing
Some types of Fuzz testing are as follows:
| Type | Description | Use Case |
| --- | --- | --- |
| Mutation-Based | Modify valid inputs | Testing image uploaders |
| Generation-Based | Create inputs from scratch | API protocol testing |
| AI/LLM Fuzzing | Adversarial prompts | Testing model safety |
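The three steps from How It Works, run as a mutation-based fuzzer, in an added example that is not part of the original page. The record format, `parse_record` and its deliberately missing bounds check are constructed for illustration; the harness treats `ValueError` as a clean rejection and anything else as a finding.

```python
import random

def parse_record(data: bytes) -> dict:
    """Constructed target: [magic 'R'][type][length][payload...][checksum]."""
    if len(data) < 3 or data[0] != ord("R"):
        raise ValueError("bad header")           # clean rejection, not a bug
    length = data[2]
    payload = data[3:3 + length]
    # Deliberate defect: trusts the length field and never checks that the
    # checksum byte exists, so a short buffer raises IndexError.
    checksum = data[3 + length]
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return {"type": data[1], "payload": payload}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Step 1 (mutation-based): damage a valid input in one of three ways."""
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:                              # flip one bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1:                            # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    else:                                        # truncate, keep >= 1 byte
        del buf[rng.randrange(1, len(buf)):]
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Steps 2 and 3: run each input, keep those that fail unexpectedly."""
    rng = random.Random(rng_seed)                # fixed seed: reproducible run
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                             # expected rejection
        except Exception as exc:                 # unexpected: keep for triage
            crashes.setdefault(type(exc).__name__, case)
    return crashes

_PAYLOAD = b"hello"                              # constructed valid sample
SEED = b"R\x01" + bytes([len(_PAYLOAD)]) + _PAYLOAD + bytes([sum(_PAYLOAD) % 256])

if __name__ == "__main__":
    for kind, case in fuzz(parse_record, SEED).items():
        print(kind, case.hex())
```

Keeping the first input per exception type gives one reproducer per distinct failure, which is the starting point for the expert analysis listed under Cons.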
Fuzz Testing Tools
| Tool | Purpose | Example Use |
| --- | --- | --- |
| AFL | Binary/file fuzzing | Crash-testing media parsers |
| OWASP ZAP | Web app security | Testing login endpoints |
| TensorFuzz | AI model testing | Detecting LLM hallucinations |
Pros vs. Cons
| Pros | Cons |
| --- | --- |
| ✅ Finds rare edge-case bugs | ❌ Resource-intensive |
| ✅ Critical for security hardening | ❌ Requires expert analysis |
Example Scenario
Target: Chatbot API
Fuzz Action: Send 10,000 random emoji combinations (e.g., 😵💫🔥§¶)
Outcome: Detect if the API crashes or returns sensitive system data