Fuzz tests

Fuzz testing, also known as fuzzing, is one of the most widely used testing practices in the quality assurance phase. It feeds massive amounts of random or malformed data (noise, or fuzz) to the target system, aiming to make its APIs exhibit buffer overflows or other unwanted behavior, or even to crash the system outright.

Barton Miller at the University of Wisconsin introduced fuzz testing (in 1988, as part of his Operating System Utility Program Reliability – The Fuzz Generator project) to reveal any security loopholes and coding errors in APIs, software, networks, and operating systems.

The primary purpose of API fuzzing is not to test the correct functionality of the API as such, but to explore and test the undefined region, that is, inputs outside the API's specified contract, with the help of fuzzed data:

As shown in the preceding diagram, the scope of fuzzing is to expose any unexpected behaviors of the underlying API.
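The fuzzing loop described above, as an added example that is not part of the original text: a mutation-based harness that feeds fuzzed inputs to a target API and records only the unexpected failures. The target `parse_record`, its length-prefixed record format and its latent bug are constructed here for illustration; a real harness would drive the API under test in the same way.

```python
import random

# Constructed target API: parses a record of the form
#   <length byte> <payload of `length` bytes> <checksum byte>
# Latent bug (the "undefined region"): the declared length is trusted, so a
# length that overstates the payload makes the checksum lookup index past the
# end of the buffer and raise IndexError instead of a clean ValueError.
def parse_record(data: bytes):
    if len(data) < 2:
        raise ValueError("record too short")        # expected contract error
    length = data[0]
    payload = data[1:1 + length]
    checksum = data[1 + length]                     # IndexError on bad length
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")            # expected contract error
    return length, payload

def make_record(payload: bytes) -> bytes:
    """Build a well-formed record to use as the fuzzer's seed input."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])

def mutate(rng: random.Random, seed: bytes) -> bytes:
    """Apply 1-4 random mutations (bit flip, insert, delete, edge value)."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and data:                        # flip one bit
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == 1:                               # insert a random byte
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        elif op == 2 and data:                      # delete a byte
            del data[rng.randrange(len(data))]
        elif data:                                  # overwrite with an edge value
            data[rng.randrange(len(data))] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int, expected=(ValueError,), rng_seed=0):
    """Run `target` on mutated inputs; return {(exc type, message): input}
    for failures that are NOT part of the API's documented contract."""
    rng = random.Random(rng_seed)                   # fixed seed: reproducible runs
    findings = {}
    for _ in range(iterations):
        data = mutate(rng, seed)
        try:
            target(data)
        except expected:
            continue                                # clean rejection, not a finding
        except Exception as exc:                    # crash-equivalent: record it
            findings.setdefault((type(exc).__name__, str(exc)), data)
    return findings

SEED = make_record(b"hello")
```

Each finding keeps the first input that triggered it, so the crash can be replayed against the API in isolation before fixing the length validation.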