A Deep Dive Into Fuzzing
Get the buzz on fuzz testing in software development.
Did you know fuzzing is a great way to spot vulnerabilities and bugs in your software? If you're thinking about adding this technique to your software testing toolkit (or taking it to the next level), this episode can help!
Used extensively by security researchers, fuzzing (aka fuzz testing) has become popular with software developers too. And for good reason. Fuzzing utilities are available for a wide variety of use cases and can be left running for days at a time with minimal interaction.
Watch the on-demand session with Bishop Fox alumnus Matt Keeley.
What We Learned:
In this session, Matt explored fuzzing as a dynamic testing approach for uncovering software vulnerabilities. We covered the key differences between black-box and white-box fuzzing, how instrumentation-guided fuzzing improves code coverage, and why mutation-based vs. generation-based fuzzing matters. The discussion also highlighted real-world applications, from binary analysis and memory corruption detection (heap overflows, use-after-free, out-of-bounds reads/writes) to identifying race conditions and DoS vectors in web applications and network protocols.
The session included a live fuzzing demo using AFL (American Fuzzy Lop) to target a compiled binary, demonstrating how input mutation and execution tracing can efficiently surface segmentation faults and exploitable conditions. We also covered CI/CD pipeline integration, harnessing techniques for deeper code coverage, and how symbolic execution can refine fuzzing strategies. The Q&A tackled best practices for triaging crashes, distinguishing between exploitable vs. non-exploitable bugs, and when to consider custom fuzzing setups over existing frameworks. Watch the replay to explore how fuzzing can harden your applications against real-world attacks.
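As an added illustration of the concepts named above (mutation-based inputs, instrumentation-guided coverage feedback, and crash deduplication for triage), here is a minimal coverage-guided fuzzer in Python. It is not code from the session or from Bishop Fox: the target `parse_record` is a constructed toy length-prefixed parser with an unchecked length (an out-of-bounds read that surfaces as `IndexError` rather than a segfault), and `sys.settrace` stands in for the compile-time instrumentation AFL would add to a native binary.

```python
import random, sys, traceback

def parse_record(data: bytes) -> int:
    # Constructed toy target: tag byte, declared length byte, payload.
    # The declared length is never bounds-checked (an out-of-bounds read).
    if len(data) < 2 or data[0] != 0x41:
        return 0
    return sum(data[2 + i] for i in range(data[1]))  # IndexError when too long

def run_with_coverage(target, data):
    # Line tracer = coverage feedback; returns (lines hit, crash key or None).
    covered = set()
    def tracer(frame, event, arg):
        if event == "line" and frame.f_code is target.__code__:
            covered.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)
    try:
        target(data)
        crash = None
    except Exception as exc:  # innermost traceback entry = faulting line
        crash = (type(exc).__name__, traceback.extract_tb(exc.__traceback__)[-1].lineno)
    sys.settrace(None)
    return covered, crash

def mutate(data, rng):
    # One random mutation: bit flip, byte insert, or byte delete.
    buf, op = bytearray(data), rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(target, seeds, iterations, rng_seed=1):
    # Coverage-guided loop: keep inputs hitting new lines; dedupe crashes by key.
    rng, corpus, crashes = random.Random(rng_seed), list(seeds), {}
    total_cov = set().union(*(run_with_coverage(target, s)[0] for s in seeds))
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), rng)
        cov, crash = run_with_coverage(target, child)
        if crash:
            crashes.setdefault(crash, child)  # first input per unique crash
        elif not cov <= total_cov:
            total_cov |= cov
            corpus.append(child)
    return crashes, corpus
```

Running `fuzz(parse_record, [b"A\x02\x00\x00"], 2000)` returns one deduplicated crash keyed by exception type and faulting line together with the input that reproduces it, which is the starting point for the triage step discussed in the Q&A.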