Fuzzing basics
Fuzzing is a testing mechanism that sends malformed data to a software implementation. The implementation may be a web application, a thick client, or a process running on a server. It is a black-box testing technique that injects data in an automated fashion. Fuzzing can be used for general testing but is mostly used for security testing.
Fuzzing often reveals serious flaws in the application. Fuzzing with random data can cause a program to crash, which could result in a denial of service attack. The results of a fuzzing test depend on the ability of the fuzzing software to produce inputs that can trigger an exception in the application. Some of the bugs that you find might be exploitable, while others might not. A common bug that is often identified using fuzzing is the buffer overflow flaw. An application that takes input from the user and fails to perform any bounds checking on it can end up in an exploitable condition. A fuzzer generates random data that is used...
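
The following is an added example, not code from the original page: a small random-input fuzzer run against two versions of a constructed parser, one that trusts a length byte without bounds checking and one that validates it. The record format (one length byte followed by the payload), the 16-byte field and all function names are assumptions made for the illustration; the unchecked copy lands in a guard zone, so the overflow is detected without corrupting real memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD  16    /* size of the destination field (constructed) */
#define GUARD  255   /* guard zone that contains and reveals overflows */
#define IN_MAX 256   /* 1 length byte + up to 255 payload bytes */

typedef int (*parser_fn)(const uint8_t *in, size_t in_len, uint8_t *dst);

/* Trusts the input's length byte: no bounds check (the flaw under test).
   The harness always passes IN_MAX bytes, so the read stays in bounds. */
int parse_unchecked(const uint8_t *in, size_t in_len, uint8_t *dst) {
    (void)in_len;
    memcpy(dst, in + 1, in[0]);
    return in[0];
}

/* Same parser with the length validated against destination and input. */
int parse_checked(const uint8_t *in, size_t in_len, uint8_t *dst) {
    if (in_len < 1 || in[0] > FIELD || (size_t)in[0] + 1 > in_len) return -1;
    memcpy(dst, in + 1, in[0]);
    return in[0];
}

/* xorshift32: small deterministic PRNG so every run is reproducible. */
static uint32_t rng_state;
static uint8_t rnd(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return (uint8_t)(rng_state >> 8);
}

/* Feed `iters` random inputs to `parse`; return how many corrupted the guard. */
int fuzz(parser_fn parse, int iters, uint32_t seed) {
    uint8_t in[IN_MAX], arena[FIELD + GUARD];
    int hits = 0;
    rng_state = seed ? seed : 1;
    for (int i = 0; i < iters; i++) {
        for (size_t j = 0; j < IN_MAX; j++) in[j] = rnd();
        memset(arena, 0xAA, sizeof arena);       /* arm the guard pattern */
        parse(in, sizeof in, arena);
        for (size_t j = FIELD; j < sizeof arena; j++)
            if (arena[j] != 0xAA) { hits++; break; }  /* write past the field */
    }
    return hits;
}

int main(void) {
    printf("unchecked: %d overflowing inputs\n", fuzz(parse_unchecked, 1000, 1));
    printf("checked:   %d overflowing inputs\n", fuzz(parse_checked, 1000, 1));
    return 0;
}
```

In a real target the guard zone's role is played by a crash or by a memory-error detector such as AddressSanitizer, which is what tells the fuzzer that an input triggered the flaw.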