A fuzzing tool or fuzzer is a software test tool used to probe for security vulnerabilities. An obfuscation tool is used to make source code more difficult to understand or compiled binary code more difficult to decompile. Fuzzers and code obfuscators address very different elements of security and one tool should not be used in place of the other.
Code obfuscation can be helpful in situations where an application is likely to be reverse engineered. For example, attackers frequently use obfuscation techniques to make computer viruses and backdoor Trojan programs more difficult for security companies to understand and build defenses against. Obfuscation is also used to make Java applets and other applications that are downloaded to a potentially untrustworthy client more difficult to manipulate.
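To show why one tool cannot stand in for the other, the following added example (not part of the original article) runs a small mutation fuzzer against a readable parser and a hand-obfuscated copy of it. The record format, the function names and the bug are all constructed for illustration.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Readable parser for a constructed format: [length][payload][checksum]."""
    if not data:
        raise ValueError("empty record")
    length = data[0]
    payload = data[1:1 + length]
    checksum = data[1 + length]  # BUG: trusts the length field, may read past the end
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload

def obfuscated_parse(a):
    """Hand-obfuscated copy of parse_record: same behaviour, harder to read."""
    if not a:
        raise ValueError("e")
    b = a[0] ^ 0
    c = a[1:-~b]                 # -~b is b + 1
    d = a[-~b]                   # the same out-of-bounds read is still here
    if (d - sum(c)) & 0xFF:
        raise ValueError("c")
    return c

# Constructed valid record used as the fuzzing seed: length 3, "abc", checksum.
SEED = bytes([3]) + b"abc" + bytes([sum(b"abc") % 256])

def fuzz(target, seed_input: bytes, rounds: int = 2000, rng_seed: int = 1):
    """Mutate seed_input and collect inputs that raise anything but ValueError."""
    rng = random.Random(rng_seed)          # fixed seed keeps the run repeatable
    crashes = []
    for _ in range(rounds):
        buf = bytearray(seed_input)
        for _ in range(rng.randint(1, 3)):
            choice = rng.random()
            if choice < 0.5 and buf:       # overwrite one byte
                buf[rng.randrange(len(buf))] = rng.randrange(256)
            elif choice < 0.75 and buf:    # delete one byte
                del buf[rng.randrange(len(buf))]
            else:                          # insert one random byte
                buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        try:
            target(bytes(buf))
        except ValueError:
            pass                           # input rejected cleanly
        except Exception as exc:           # unhandled error: a finding
            crashes.append((bytes(buf), type(exc).__name__))
    return crashes
```

Both parsers fail on exactly the same mutated inputs: obfuscation changed how the code reads, not how it behaves, and the fuzzer found the defect without needing to read the code at all.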
A fun example of manually obfuscated code is the International Obfuscated C Code Contest. (See www.ioccc.org for more.)