Fuzz testing, a subcategory of DAST, checks how your application behaves when confronted with invalid, unexpected, random, or maliciously formed data. Such checks are especially useful against interfaces that cross a trust boundary (such as end-user file upload forms or inputs).
Some interesting tools from this category include the following:
- Peach Fuzzer: https://www.peach.tech/products/peach-fuzzer/
- PortSwigger Burp: https://portswigger.net/burp
- The OWASP Zed Attack Proxy project: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
- Google's ClusterFuzz: https://github.com/google/clusterfuzz (and OSS-Fuzz: https://github.com/google/oss-fuzz)
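
To make the idea of fuzzing a trust-boundary input concrete, here is an added example (not from the original text or from any of the tools listed): a small mutation fuzzer run against two parsers for a file upload header. The `UPL1` header format, both parsers, and the `RejectedInput` exception are constructed for this illustration; any failure other than the documented rejection counts as a finding.

```python
import random
import struct

MAGIC = b"UPL1"  # constructed toy upload header: magic, u16 width, u16 height, u8 name_len, name

class RejectedInput(Exception):
    """The one documented way the parser refuses malformed data."""

def parse_naive(data: bytes) -> dict:
    # Trusts the input: no length, magic, or encoding checks.
    width, height, name_len = struct.unpack(">HHB", data[4:9])
    return {"width": width, "height": height, "name": data[9:9 + name_len].decode("ascii")}

def parse_hardened(data: bytes) -> dict:
    # Validates every field before use and fails only with RejectedInput.
    if len(data) < 9 or data[:4] != MAGIC:
        raise RejectedInput("bad header")
    width, height, name_len = struct.unpack(">HHB", data[4:9])
    name = data[9:9 + name_len]
    if len(name) != name_len or not name.isascii() or 0 in (width, height):
        raise RejectedInput("bad field")
    return {"width": width, "height": height, "name": name.decode("ascii")}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    # One random mutation per sample: bit flip, truncation, or byte insertion.
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    # Returns {exception type name: first input that triggered it}.
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except RejectedInput:
            pass  # expected, documented rejection
        except Exception as exc:  # anything else is an unhandled failure worth triaging
            findings.setdefault(type(exc).__name__, sample)
    return findings

SEED = MAGIC + struct.pack(">HHB", 640, 480, 8) + b"cat.jpeg"  # constructed valid sample
```

Calling `fuzz(parse_naive, SEED)` returns the first input for each unhandled exception type, which makes each finding reproducible; `fuzz(parse_hardened, SEED)` returns an empty dictionary. Crash-oriented fuzzing like this does not flag the naive parser's missing magic check, which only an assertion on parsed output would catch.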