what is fuzzing

Fuzzing, also known as fuzz testing, is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program to identify bugs, vulnerabilities, and security loopholes. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Fuzzing is used mostly as an automated technique to expose vulnerabilities in security-critical programs that might be exploited with malicious intent. Fuzzing can be carried out using automated software that generates new test cases and feeds the program inputs. It also detects if the program crashes, stalls, or reveals other vulnerabilities. Fuzzing is typically carried out without the knowledge of the subject programs internal structure, making it a black box testing technique. Fuzzing is used to demonstrate the presence of bugs rather than their absence, and running a fuzzing campaign for several weeks without finding a bug does not prove the program correct.