Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Using fuzzer tools to find vulnerabilities

Fuzzers are excellent tools for finding vulnerabilities in your software. They can be used legitimately by a developer or maliciously by a hacker. Expert Brad Arkin explains how to use fuzzers in order to enhance security.

What are "fuzzing" tools and what do they do? If hackers are using them, can they be used for security?

A fuzzing tool or fuzzer is a software test tool used to probe for security vulnerabilities. Fuzzers generate and submit a large number of inputs to the test target with the goal of identifying inputs that produce malicious or interesting results. For example, a fuzzer testing the login screen for a Web application would submit hundreds or even thousands of login attempts with a variety of potentially malicious input strings including cross-site scripting (XSS), SQL injection, and very long inputs.

The fuzzer records the response of the application to each input for the tester (or attacker) to review later. A fuzzing tool is one of the first steps in the test process and is followed up by further manual testing guided by the output of the fuzzer.

 Software security tools:
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks

Web application security testing reaches new level

Want secure software? Think like an attacker

Fuzzers are a great tool to use when trying to discover security vulnerabilities. This makes them valuable to attackers as well as software developers and legitimate testers. A good security test plan will specify when and how fuzzers and other automated security test tools should be employed.

Fuzzers can help find and fix security bugs during the development and test phase when it is much cheaper to do so. This is much better than waiting for an attacker to find the security vulnerabilities after the software is released to production.

Dig Deeper on Topics Archive