Fuzzers automatically test your code.
That is something you might know already! What you might not know is that not every fuzzer is created equal.
One common way to distinguish fuzzers uses the terms white-, grey- and black-box fuzzing. Let's dive a bit deeper into what those terms mean!
White Box
White-box fuzzers know everything!
These fuzzers use different analysis techniques to gain an intricate understanding of a program. They systematically approach a program and leverage their deep insight to know how to generate inputs that cover the program well.
This power comes at a cost! The analyses that white box fuzzers use to gain their perfect knowledge are computationally expensive and can significantly slow the process.
Black Box
Black box fuzzers are blazing fast!
Black box fuzzers treat the program under test as a black box (it's in the name 😉). They randomly try inputs, which is a super cheap operation. This means you can try thousands of inputs per second!
Unfortunately, just trying random things is often not a great way to get good coverage!
Grey Box
Grey box fuzzers combine the best of both worlds!
They skip the expensive analyses, so they can still try thousands of inputs per second.
But they also don't treat the program as a black box 😉: they watch its execution through lightweight instrumentation.
For example, a grey box fuzzer might track which code each input covers, keep the inputs that reach new code, and mutate those, rather than generating fresh random inputs!
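To make the black-box and grey-box loops concrete, here is an added example (not code from the original post) of both strategies run against one constructed toy target. The target contains a chain of four byte checks that ends in a "crash"; the `trace.add(...)` calls are a hypothetical stand-in for the instrumentation a real fuzzer gets from the compiler. The black-box loop just draws random inputs; the grey-box loop keeps any mutant that reaches a branch it has not seen before and mutates from that growing corpus, so it climbs the checks one at a time instead of needing all four bytes right at once.

```python
import random


# Constructed toy target standing in for the program under test. Each
# trace.add(...) records that a branch was reached (stand-in for compiler
# instrumentation). The deepest branch is the "bug" the fuzzers hunt for.
def target(data: bytes, trace: set) -> None:
    trace.add("entry")
    if len(data) > 0 and data[0] == ord("b"):
        trace.add("b")
        if len(data) > 1 and data[1] == ord("a"):
            trace.add("ba")
            if len(data) > 2 and data[2] == ord("d"):
                trace.add("bad")
                if len(data) > 3 and data[3] == ord("!"):
                    trace.add("bad!")
                    raise RuntimeError("crash: reached the buggy path")


def run(data: bytes):
    """Execute the target once; return (set of covered branches, crashed?)."""
    trace = set()
    try:
        target(data, trace)
    except RuntimeError:
        return trace, True
    return trace, False


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One small random edit: overwrite, insert, or delete a byte."""
    buf = bytearray(data)
    choice = rng.randrange(3)
    if choice == 0 and buf:                # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1 and len(buf) < 16:    # insert a random byte (cap length)
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:                              # delete one byte
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def blackbox_fuzz(budget: int, rng_seed: int = 0) -> dict:
    """Black box: fresh random 4-byte inputs, no feedback from the program."""
    rng = random.Random(rng_seed)
    for i in range(budget):
        data = bytes(rng.randrange(256) for _ in range(4))
        _, crashed = run(data)
        if crashed:
            return {"crash": data, "executions": i + 1}
    return {"crash": None, "executions": budget}


def greybox_fuzz(seed: bytes, budget: int, rng_seed: int = 0) -> dict:
    """Grey box: coverage-guided mutation of a corpus, as the text describes."""
    rng = random.Random(rng_seed)
    seen, _ = run(seed)      # branches covered so far
    corpus = [seed]          # inputs that each reached something new
    for i in range(budget):
        # Favour the newest corpus entry half the time; it is the one that
        # most recently pushed coverage deeper (a simplified AFL-style bias).
        parent = corpus[-1] if rng.random() < 0.5 else rng.choice(corpus)
        child = mutate(parent, rng)
        cov, crashed = run(child)
        if crashed:
            return {"crash": child, "executions": i + 1, "corpus": corpus}
        if not cov <= seen:  # reached a branch never seen before: keep it
            seen |= cov
            corpus.append(child)
    return {"crash": None, "executions": budget, "corpus": corpus}


if __name__ == "__main__":
    budget = 300_000
    black = blackbox_fuzz(budget, rng_seed=1)
    grey = greybox_fuzz(b"xxxx", budget, rng_seed=1)
    print("black box:", black["crash"], "after", black["executions"], "runs")
    print("grey box: ", grey["crash"], "after", grey["executions"], "runs")
    print("grey-box corpus:", grey["corpus"])
```

Each black-box try succeeds with probability about 1/256^4, so the random loop almost never hits the bug inside the budget, while the grey-box loop only needs one lucky byte per stage and its corpus ends up reading like a trail of partial solutions (`b...`, `ba..`, `bad.`) toward the crash.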