Fuzz testing


What is fuzz testing? 

Fuzz testing (or fuzzing) deliberately bombards your software with malformed, unexpected, or random data to uncover crashes, security vulnerabilities, and edge cases. Think of it as stress-testing your application by throwing every conceivable type of bad input at it to see what breaks. 

Do you have any examples of fuzz testing?

Consider testing a user registration form—you might inject SQL commands into the username field, paste a 10MB text file into the password field, or submit emoji strings into the email field. 

Another common example is testing file uploads by generating thousands of slightly corrupted PDF files to see if your parser breaks. Modern fuzz testing tools like AFL++ can automatically generate these test cases based on code coverage and previous results. 


Why is fuzz testing important? 

Fuzz testing catches bugs like buffer overflows, injection vulnerabilities, and memory corruption issues that traditional testing often misses. 

While unit tests verify that your code works with expected inputs, fuzzing reveals how it fails with unexpected ones. Many critical vulnerabilities in major software have been discovered through fuzz testing, including serious flaws in OpenSSL, browsers, and operating systems. 

What are the challenges with fuzz testing?

The biggest challenge is creating intelligent fuzz tests that find real bugs rather than just random crashes. This requires: 
  • Developing seed inputs that exercise your application's core functionality
  • Writing custom mutators that understand your input format (like file structures or network protocols)
  • Managing the explosion of test cases without getting overwhelmed
  • Distinguishing between meaningful crashes and harmless failures
  • Setting up automated crash reproduction and debugging pipelines 
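
The challenges listed above, shown on a small scale as an added example (not part of the original page): seed inputs, one format-aware mutator next to two format-blind ones, separating harmless rejections from real crashes, and a fixed random seed so any crash can be replayed. The record format, the `parse_records` target with its planted bug, and all other names are constructed for illustration.

```python
import random

def parse_records(data: bytes) -> list:
    """Toy target (constructed): 1-byte record count, then length-prefixed records."""
    if not data:
        raise ValueError("empty input")        # clean rejection, not a bug
    count, pos, out = data[0], 1, []
    for _ in range(count):
        length = data[pos]                     # planted bug: count is trusted, no bounds check
        out.append(data[pos + 1:pos + 1 + length])
        pos += 1 + length
    return out

# Seed inputs (constructed): valid files that reach the record loop.
SEEDS = [bytes([2, 3]) + b"abc" + bytes([1]) + b"z", bytes([1, 0])]

def mutate(seed: bytes, rng: random.Random) -> bytes:
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:                            # format-blind: flip one random bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1:                          # format-aware: corrupt the record count
        buf[0] = rng.randrange(256)
    else:                                      # format-blind: truncate at a random offset
        del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)

def fuzz(iterations: int, seed: int = 1234) -> dict:
    rng = random.Random(seed)                  # fixed seed makes the whole run replayable
    crashes, rejected = {}, 0
    for _ in range(iterations):
        case = mutate(rng.choice(SEEDS), rng)
        try:
            parse_records(case)
        except ValueError:
            rejected += 1                      # expected rejection: harmless failure
        except Exception as exc:               # anything else is a finding
            tb = exc.__traceback__
            while tb.tb_next:                  # walk to the frame that raised
                tb = tb.tb_next
            key = (type(exc).__name__, tb.tb_lineno)   # dedupe by crash site
            if key not in crashes or len(case) < len(crashes[key]):
                crashes[key] = case            # keep the smallest reproducer
    return {"crashes": crashes, "rejected": rejected}

if __name__ == "__main__":
    result = fuzz(2000)
    for (name, line), case in result["crashes"].items():
        print(f"{name} at line {line}: reproducer={case.hex()}")
    print("harmless rejections:", result["rejected"])
```

Thousands of failing inputs collapse into one entry per crash site, each with its shortest reproducer, which is what a debugging pipeline would pick up.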

Fuzz Testing — or fuzzing as it’s sometimes known — is an automated software testing technique where unexpected or invalid inputs are used as a way to uncover bugs or vulnerabilities. It’s usually done at scale, too, with many hundreds of permutations of unexpected inputs. It’s a way of stress testing an application to see if it may behave in unexpected ways when faced with data it wasn’t designed to encounter and process.
 
Fuzz testing can offer development teams a level of insight into application behavior and security beyond more static approaches to testing like static application security testing (SAST) or software composition analysis (SCA). While SAST and SCA address bugs and risks in source code, fuzzing tests input fields or parameters in deployed web applications. Even the most rigorous SAST can’t give you insight into how your application might behave when met with real-world inputs.
 
Fuzz testing does share some similarities with dynamic application security testing (DAST), but there are also some subtle differences. DAST typically involves simulating attacks to identify known vulnerabilities, whereas fuzz testing is much more effective at finding unknown issues that might otherwise be hard to uncover through testing.
 
It’s important to note that fuzz testing isn’t an alternative to other testing techniques. Really, it should be used alongside other approaches when and where relevant. If edge cases are a particular concern for the resilience and security of software, fuzzing can be a really valuable addition to a development team’s security practices.