Analyzing how a piece of software operates is time-consuming. Software often consists of several thousand lines of source code written in a programming language. Branch instructions and integrated functions make the code difficult to follow. In addition, once the source code has been compiled, it has to be decompiled, which is not always possible.
Fuzzing takes a different approach: It generates all conceivable random data of a given type. The goal is to cover as many input variants as possible. Fuzzing is the interface for automated input. This can happen at different levels. For example, in application fuzzing, different data types are mimicked and passed into the software. Possible lengths and data formats of the inputs can also be tested. Protocol fuzzing uses data packets that you create yourself. Another option involves intercepting, manipulating, and returning contents. File format fuzzing uses randomly generated test files. It tests factors such as size, structure, or set flags.