Comprehensive Fuzzing Guide

A practitioner’s reference for fuzz testing — fundamentals, coverage feedback, harness construction, corpus strategy, sanitizer usage, and the tool stack for web, binary, kernel, and API targets. Compiled from 23 research sources.

Table of Contents

Fundamentals
Fuzzing Taxonomy
Coverage-Guided Fuzzing
Harness Construction
Corpus Management & Seed Selection
Dictionaries & Structure-Aware Fuzzing
Sanitizers
Binary Fuzzing (AFL++, libFuzzer, honggfuzz)
Web Fuzzing (ffuf, wfuzz, feroxbuster, Burp Intruder)
API Fuzzing (REST, GraphQL, Protobuf)
Kernel & OS Fuzzing
Directed & Grammar-Based Fuzzing
AI-Augmented Fuzzing
Crash Triage & Minimization
CI/CD Integration
Real-World Wins & CVEs
Tools & Frameworks Reference
Wordlist & Corpus Resources
Quick Reference Cheatsheet

1. Fundamentals

Fuzzing is automated software testing that bombards a target with a large volume of semi-random, invalid, or unexpected inputs and watches for crashes, hangs, memory errors, or assertion failures. The technique originates with Barton Miller’s 1988 University of Wisconsin-Madison experiment, in which random inputs crashed roughly a third of the Unix utilities tested. ...

April 10, 2026 · 26 min · Carl Sampson