Application Fuzzing, originally developed by Barton Miller at the University of Wisconsin in 1989, is a testing method used to discover coding errors and security loopholes in software, operating systems or networks. This method of testing involves inserting a large amount of data, called fuzz, into the test subject in an attempt to make the system crash or return unexpected results. If there are vulnerabilities being found during the test, a “fuzzer” can be used as a software tool to help identify the potential causes behind the vulnerabilities.
The “fuzzers” work best by discover vulnerabilities that can be exploited by buffer overflow, denial of service issues, cross-site scripting and SQL injection. These tactics are most often used by malicious hackers who try to exploit online applications to their benefit. Employing application fuzzing techniques can help you avoid some major security headaches down the road.
Additional Reading: What is AI Fuzzing? And Why It May Be The Next Big Cybersecurity Threat
Related Terms: Dynamic Code Analysis, Static Code Analysis, Vulnerability