What is Fuzzing?¶
Usually, software teams do functional testing (which is great) but not security testing of their code. For example:
func_add(int x, int y) { return x+y; }
may have a unit test like so:
ASSERT((func_add(4,5)==9))
However, corner cases are usually not tested so that x=INT_MAX; y=1 demonstrates a problem in the implementation.
Fuzz testing is routinely used to probabilistically generate such corner cases and feed them to program APIs to test their behavior.