Example of an image parser fuzz test

Example: Fuzzing an image parser application

What is Fuzzing?

Modern fuzzing is used for security and stability testing of the codebase. The software under test is fed with a series of inputs, which are purposefully mutated in the testing process. The testing tool gets feedback about the code covered during the execution of inputs. Unlike traditional or black-box fuzzing, feedback-based fuzzing explores the program state efficiently and discovers bugs hidden deep in the code.

Learn more about Fuzzing

CI Fuzz: Fuzzing for Everyone

Fuzzing is sometimes hard to integrate into existing development environments. The integration requires fuzzing and domain knowledge. Existing tools are usually from fuzzing experts for other fuzzing experts and therefore hard to use. These limitations have encouraged us to create a more effortless solution for developers and experts alike.

Learn more about CI Fuzz
Fuzzing Limitations

Bugs & Vulnerabilities Found With Fuzzing

Bugs found with fuzzing in Chrome
Bugs found with fuzzing in OSS-Fuzz
Bugs found with fuzzing in Mozilla Firefox
Bugs found with fuzzing in Windows
Bugs found with fuzzing in Linux

CI Fuzz Technology Stack

CI Fuzz is based on advanced technology and comes with convincing features and usable design.

CI Fuzz TechStack

Industries Where Fuzzing Is Used

Industries Where Fuzzing is Used - Automotive
Industries Where Fuzzing is Used - Aviation
Industries Where Fuzzing is Used - Finance
Industries Where Fuzzing is Used - Health
Industries Where Fuzzing is Used - Tele
Industries Where Fuzzing is Used - Energy

Fuzzing - Frequently Asked Questions (FAQs)

What is Fuzzing? 

Fuzzing is a dynamic testing method used for identifying bugs and vulnerabilities in software. It is mainly used for security and stability testing of the codebase.  

Why is Fuzzing (Especially) Useful for Security Testing?
There are some characteristics that make fuzzing extremely useful for security testing. Here is why: 
  • Fuzzing is an almost completely automated testing approach. 
  • Fuzzing can be used for black-box AND white-box testing (on the source code). 
  • Fuzzing does not only detect the vulnerabilities but also provides you with the dynamic inputs that caused the error messages. 
  • Fuzzing identifies bugs reliably without false positives. 
What Is Feedback-Based Fuzzing?
Modern fuzzing engines use smart algorithms tailoring the input to increase the amount of code that is tested with the fuzzer. The commonly used term for this is feedback-driven or feedback-based fuzzing.  
Feedback-based fuzzing uses code coverage information when generating new inputs. Due to measuring code coverage, the fuzzer can monitor which parts of the program were reached with a given input and reach other program parts by generating similar inputs with random but small changes.  
What Is a Fuzz Target?

Fuzz targets are small programs that test predefined API functions, similar to unit tests. However, the inputs are not provided by the developer but produced with the fuzz generators. The generators are responsible for creating random mutations of inputs that are sent to the software under test (SUT). The output of a fuzz generator (i.e. random inputs) is then sent to the SUT. The delivery mechanism processes inputs from fuzz generator and feeds them to SUT for execution.   

Finally, the monitoring system keeps track of how the inputs are executed within SUT and detect triggered bugs, which plays a critical part in the fuzzing process as it also influences what types of vulnerabilities can be discovered during fuzzing.  

Fuzzing vs. Other Testing Methods

If you are looking for a way to secure your software, there are a variety of testing approaches, such as Static Applications Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Feedback-based Application Security Testing (FAST). Each of these methods has its advantages and disadvantages. We have collected some of them in the table below.   FuzzingIsTheMostScalableApproach-1

Comparing testing approaches (click to enlarge)


What Bugs Can You Find With Fuzzing?

The most common bugs are listed below:  

  1. All types of crashes   
  2. Memory Leaks   
  3. Slow Inputs  
  4. Use of uninitialized memory   
  5. Data Races   
  6. Buffer Overflows   
  7. Cross-Site Scripting XSS   
  8. Insecure Deserialization   
  9. Using Components with Known Vulnerabilities   
  10. Insufficient Logging & Monitoring
  11. Pointer Issues
  12. Injections

    See the full list
White-Box Fuzzing vs. Black-Box Fuzzing?


What Is White-Box Fuzzing?  
White-box fuzzing analyses the internal structure of the program, and with each new fuzzing run, they learn to track and maximize the code coverage. White-box fuzzers usually use intelligent instrumentation and adaptable algorithms, which makes them more effective and accurate in detecting vulnerabilities.  
What Is Black-Box Fuzzing?  
Black-box fuzzing generates inputs for a target program without knowledge of its internal behavior or implementation. A black-box fuzzer may generate inputs from scratch, or rely on a static corpus of valid input files to base mutations on. Unlike coverage-guided approaches and white-box fuzzing, the corpus does not grow here.
Black-box fuzzing vs. white-box fuzzing (click to enlarge) 
List of Common Fuzzing Tools

Developers can benefit from a whole range of open-source fuzzing tools. There are often specialized for specific use cases (e.g. Kernel fuzzing) or programming languages. But there are also a few commercial solutions that become relevant if you're working in larger development teams or DevOps environments. Usually they come with more integrations and features, such as automated bug reporting, CI/CD and dev tool integration, Web API fuzzing, or OWASP vulnerability detection.  

Open Source Fuzzers: 

What Standards and ISO Norms Recommend Fuzzing?
  • ISO 26262
    Road vehicles – Functional safety
  • UNECE WP.29
    United Nations World Forum for Harmonization of Vehicle Regulations
  • ISA/IEC 62443-4-1
    Secure product development lifecycle requirements
  • ISO/SAE DIS 21434
    Road vehicles — Cybersecurity engineering
  • UL2900-1 and UL2900-2-1
    Healthcare and Wellness Systems - Software Cybersecurity for Network-Connectable Products
  • ISO/IEC/IEEE 29119
    Software and systems engineering - Software testing
  • ISO/IEC 12207
    Systems and software engineering – Software life cycle processes
  • ISO 27001
    Information technology – Security techniques – Information security management systems
  • ISO 22301
    Security and resilience — Business continuity management systems
  • IT-Grundschutz (Germany)
    Based on ISO 27001
  • and others

See How Feedback-Based-Fuzzing Works in Action!

Talk to our developers to find out in how our software testing solution can help you provide secure and reliable software.

Get Started