What is Fuzzing?

Usually, software teams do functional testing (which is great) but not security testing of their code. For example:

func_add(int x, int y) { return x+y; }

may have a unit test like so:


However, corner cases are usually not tested so that x=INT_MAX; y=1 demonstrates a problem in the implementation.

Fuzz testing is routinely used to probabilistically generate such corner cases and feed them to program APIs to test their behavior.