Fuzzing or fuzz testing is “a Black Box software testing technique” which aims to find “implementation bugs using malformed/semi-malformed data injection in an automated fashion.”
What is “malformed data”?
Consider a trivial question which expects integer input that is either “1”, “2”, or “3”. It works perfectly if the input is 1, 2, or 3. But what about an input of 0 or -1 or 99?
These input values, which are logically acceptable (as they are integers) but not what the system is “expecting”, are considered to be “malformed data” for that scenario.
If the default switch case hasn’t been implemented securely while coding, the program may crash and lead to the (unfortunately) common software security issues: “buffer overflows, DoS, etc”
#include <stdio.h>

void answer(int question_input) {
    switch (question_input) {
    case 1: puts("You are First!"); break;
    case 2: puts("You are Second!"); break;
    case 3: puts("You are Third!"); break;
    default: puts("Wrong input - try again!"); break; /* default case */
    }
}
How does a fuzzer work?
A fuzzer works by automatically injecting semi-random data into the program or an executing stack.
“Generators” handle the data-generation logic, and they usually use combinations of “static fuzzing vectors (known-to-be-dangerous values)”, or completely random data.
New generation fuzzers use “genetic algorithms to link injected data and observed impact.”
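The generator idea above, applied to the 1/2/3 question, as an added example that is not part of the original article. The names handle_unsafe, handle_safe, generate and fuzz, and the static vector list, are constructed for illustration; the unsafe handler stands in for code with no default case.

```python
import random

ANSWERS = ["You are First!", "You are Second!", "You are Third!"]
REJECT = "Wrong input - try again!"

# Static fuzzing vectors: boundary and extreme integers (constructed sample).
STATIC_VECTORS = [0, -1, 4, 99, 2**31 - 1, -2**31]


def handle_unsafe(n):
    """Handler with no default case: indexes the answer table directly."""
    return ANSWERS[n - 1]


def handle_safe(n):
    """Handler with an explicit default case for anything outside 1..3."""
    if n in (1, 2, 3):
        return ANSWERS[n - 1]
    return REJECT


def generate(count, seed):
    """Generator: static vectors first, then seeded random integers."""
    rng = random.Random(seed)
    yield from STATIC_VECTORS
    for _ in range(count):
        yield rng.randint(-1000, 1000)


def fuzz(handler, count=200, seed=1):
    """Feed generated inputs to handler; return {input: finding} for failures."""
    findings = {}
    for n in generate(count, seed):
        # Oracle: what a correct implementation must return for this input.
        expected = ANSWERS[n - 1] if 1 <= n <= 3 else REJECT
        try:
            got = handler(n)
        except Exception as exc:  # an unhandled exception counts as a crash
            findings[n] = "crash: " + type(exc).__name__
            continue
        if got != expected:
            findings[n] = "wrong answer: " + repr(got)
    return findings


if __name__ == "__main__":
    for name, handler in (("unsafe", handle_unsafe), ("safe", handle_safe)):
        print(name, len(fuzz(handler)), "findings")
```

Inputs 0 and -1 do not crash the unsafe handler; Python's negative indexing makes it return a valid-looking answer, so the harness only catches them because it compares each result against an oracle instead of watching for crashes alone.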
Types of fuzzing
Some of the common ones are:
1. GUI fuzzing: fuzzy input on Graphical User Interface elements like textboxes, drop-down boxes, etc.
2. Command-line fuzzing: pushing fuzzy input as command-line arguments while executing the application through the DOS prompt.
4. Protocol fuzzing: sending “forged packets to the tested application”, acting as a proxy, modifying “requests on the fly and replaying them.”