Ask the Expert

Using fuzzer tools to find vulnerabilities

What are "fuzzing" tools and what do they do? If hackers are using them, can they be used for security?

    Requires Free Membership to View

A fuzzing tool or fuzzer is a software test tool used to probe for security vulnerabilities. Fuzzers generate and submit a large number of inputs to the test target with the goal of identifying inputs that produce malicious or interesting results. For example, a fuzzer testing the login screen for a Web application would submit hundreds or even thousands of login attempts with a variety of potentially malicious input strings including cross-site scripting (XSS), SQL injection, and very long inputs.

The fuzzer records the response of the application to each input for the tester (or attacker) to review later. A fuzzing tool is one of the first steps in the test process and is followed up by further manual testing guided by the output of the fuzzer.

 Software security tools:
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks

Web application security testing reaches new level

Want secure software? Think like an attacker

Fuzzers are a great tool to use when trying to discover security vulnerabilities. This makes them valuable to attackers as well as software developers and legitimate testers. A good security test plan will specify when and how fuzzers and other automated security test tools should be employed.

Fuzzers can help find and fix security bugs during the development and test phase when it is much cheaper to do so. This is much better than waiting for an attacker to find the security vulnerabilities after the software is released to production.

This was first published in July 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: