Which security testing technique involves feeding malformed data to software to cause crashes and reveal vulnerabilities?


Multiple Choice


Explanation:
Fuzzing focuses on testing how software handles unexpected or invalid input by automatically generating or mutating inputs and feeding them into the program while watching for crashes, hangs, or memory errors. This approach aims to uncover vulnerabilities that arise from poor input validation, boundary conditions, or memory management issues, such as buffer overflows or null dereferences. It can be conducted with little to no knowledge of the internal code (black-box) or with knowledge of the program’s behavior to guide input generation (white-box), and it’s especially effective against parsers, network services, and file-handling components. Because it specifically targets producing malformed data to provoke failures, fuzzing is the best description of the technique in question. Penetration testing is broader and often manual, static analysis examines code without execution, and compliance scanning checks for policy adherence, none of which center on feeding bad inputs to cause crashes.

