D9 · PenTest+

What is fuzzing in pen testing?

Fuzzing sends unexpected/random inputs to find crashes and vulnerabilities — discovering buffer overflows, format string bugs, and input validation failures.
Coverage-guided fuzzing (AFL, libFuzzer) maximizes code path exploration. API fuzzing (Burp Intruder, ffuf) finds parameter handling flaws. Fuzzing finds vulnerabilities that manual review misses — especially memory corruption bugs. Combine with SAST for comprehensive vulnerability discovery.