In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software testing technique that attempts to find hackable software bugs by randomly feeding invalid and unexpected inputs and data into a computer program in order to find coding errors and security loopholes. This is an old but increasingly common process both for hackers seeking vulnerabilities to exploit and defenders trying to find and first them fix.

Fuzz testing typically involves inputting massive amounts of random data, called fuzz, to the software or system being tested in an attempt to make it crash or break through its defenses. If a vulnerability is found, a software tool called a fuzzer can be used to identify the potential causes.

Fuzzing can often reveal serious defects that are overlooked when software is written and debugged. Fuzzers work best for discovering vulnerabilities that can be exploited by SQL injection, buffer overflow, denial of service (DOS), and cross-site scripting. These are often used by malicious hackers to disable security with the intent of either taking down a system or stealing information. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans, and keyloggers.