What distinguishes mutation fuzzing from generational fuzzing?

Mutation fuzzing is distinct from generational fuzzing primarily because it relies on modifying existing input samples to create test cases, whereas generational fuzzing is based on the use of predefined models or rules to generate new inputs from scratch. In mutation fuzzing, the process starts with valid input data and systematically alters it—this can involve bit flipping, insertion, deletion, or other changes to produce variations that may trigger vulnerabilities when processed by the target application. The focus is on exploring how slight alterations in known good data can lead to unexpected behaviors or failures.

On the other hand, generational fuzzing constructs inputs based on specifications or protocols, often needing a comprehensive understanding of the application’s input requirements. This method is typically more structured, ensuring that the generated inputs are within the bounds of what the application can handle, following certain models or templates.

The distinction is crucial in creating effective testing approaches, as mutation fuzzing can quickly explore a wide space of variations using fewer resources than might be required for a complete model for generational fuzzing.

The other choices regarding speed, human intervention, and application specificity do not accurately capture the core difference between the two fuzzing approaches.