Day 30 of 60 · Dynamic, fuzz & dynamic security
Fuzz testing
OSS-Fuzz has found tens of thousands of bugs that no other technique would. If you write a parser, a codec, or a protocol, you owe your users a fuzzer.
Problem
Edge inputs you didn't imagine: malformed bytes, oversized payloads, Unicode tricks.
How it works
Mutational or generational fuzzers feed random inputs to a target function and watch for crashes, hangs, or sanitiser violations. Continuous fuzzing services (OSS-Fuzz, ClusterFuzz) run 24/7.
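To make the loop above concrete, here is an added example (not part of the original lesson): a dumb mutational fuzzer run against a constructed tag/length/value parser, once with a length-trust bug and once hardened. The record format, function names, and seed are assumptions made for illustration; real tools such as libFuzzer or Atheris add coverage feedback on top of this loop.

```python
import random

SEEDS = [b"\x01\x03abc\x02\x02hi"]  # constructed sample: two valid records

def parse_tlv_buggy(data: bytes):
    """Tag/length/value records; trusts the length byte (the bug)."""
    out, i = [], 0
    while i < len(data):
        tag, length = data[i], data[i + 1]  # header may be truncated
        value = bytes(data[i + 2 + k] for k in range(length))  # length may lie
        out.append((tag, value))
        i += 2 + length
    return out

def parse_tlv_safe(data: bytes):
    """Same format, but every read is bounds-checked and rejected cleanly."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated record")
        tag, length = data[i], data[i + 1]
        out.append((tag, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def mutate(data: bytes, rng: random.Random) -> bytes:
    # One random mutation: bit flip, byte insert, or truncation.
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    else:
        del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)

def fuzz(target, seeds, iterations=2000, rng_seed=0):
    # Run target on mutated seeds; keep the first reproducer per crash type.
    rng, crashes = random.Random(rng_seed), {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            target(data)
        except ValueError:
            pass  # clean rejection of malformed input is intended behaviour
        except Exception as exc:  # anything else is a finding
            crashes.setdefault(type(exc).__name__, data)
    return crashes

if __name__ == "__main__":
    print(fuzz(parse_tlv_buggy, SEEDS), fuzz(parse_tlv_safe, SEEDS))
```

The saved reproducer bytes are what you would check in as a regression test once the parser is fixed.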
What it catches
Memory corruption, parser crashes, undefined behavior, unhandled exceptions. It has caught more security CVEs in browsers and codecs than any other technique.
Tools
- libFuzzer · OSS
- AFL++ · OSS
- Jazzer (JVM) · OSS
- go fuzz · OSS
- Atheris (Py) · OSS
Verdict by project size
| Small | Medium | Large | Extra-large |
|---|---|---|---|
| Skip | Opt | Rec | Must |
Cost
| Project size | Setup | Maint / mo | Tool / mo | CI / run |
|---|---|---|---|---|
| Small <10k LOC | 2d | 1h | $0 | - |
| Medium 10–100k LOC | 5d | 5h | $0 | - |
| Large 100k–1M LOC | 20d | 30h | $500 | - |
| Extra-large >1M LOC | 80d | 150h | $5k | - |
Setup = engineer-days to first useful run
Maint = engineer-hours / month at steady state
Tool = out-of-pocket $ / month
CI = minutes added (or saved) per pipeline run
Lifecycle & ownership
When in lifecycle
Build · Test
Per merge · Runs after merge to main; nightly heavy jobs.
Who owns it
Security / AppSec
SAST, DAST, threat modelling
Collaborates with: Developer
Reference implementations
- OSS-Fuzz documentation: Continuous fuzzing reference model for open-source projects.
- libFuzzer tutorial: Official in-process fuzzing guide and harness structure.
- AFL++ examples: Coverage-guided fuzzing examples for native targets.
Quick check
Fuzz testing has the strongest track record in which domain?