A fuzzing tool or fuzzer is a software test tool used to probe for security vulnerabilities. Fuzzers generate and submit a large number of inputs to the test target with the goal of identifying inputs that produce malicious or interesting results. For example, a fuzzer testing the login screen for a Web application would submit hundreds or even thousands of login attempts with a variety of potentially malicious input strings including...
cross-site scripting (XSS), SQL injection, and very long inputs.
The fuzzer records the response of the application to each input for the tester (or attacker) to review later. A fuzzing tool is one of the first steps in the test process and is followed up by further manual testing guided by the output of the fuzzer.
Fuzzers are a great tool to use when trying to discover security vulnerabilities. This makes them valuable to attackers as well as software developers and legitimate testers. A good security test plan will specify when and how fuzzers and other automated security test tools should be employed.
Fuzzers can help find and fix security bugs during the development and test phase when it is much cheaper to do so. This is much better than waiting for an attacker to find the security vulnerabilities after the software is released to production.
Dig deeper on Building security into the SDLC (Software development life cycle)
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.