A fuzzer is a tool used by security professionals (and
professional hackers :) to test a parameter of an application. Typical
fuzzers test an application for buffer overflows, format string
vulnerabilities, and error handling. More advanced fuzzers incorporate
functionality to test for directory traversal attacks, command
execution vulnerabilities, SQL injection and cross-site scripting vulnerabilities. Web vulnerability scanners typically perform all of
this functionality, and can be considered advanced fuzzers.

Fuzzing is a software testing technique used to discover coding errors and
security loopholes in software, operating systems or networks by inputting massive amounts of
random data, called fuzz, to the system in an attempt to make it crash. If a vulnerability is
found, a tool called a fuzz tester (or fuzzer) indicates potential causes.
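
The loop described above, as an added example that is not part of the original post: a small random fuzzer run in-process against a constructed record parser with a planted length-field bug, next to a hardened version of the same parser. All names (`parse_record`, `parse_record_fixed`, `fuzz`) and the record layout are assumptions made for illustration.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Constructed target. Layout: type(1) | length(1) | payload | checksum(1)."""
    if len(data) < 2:
        raise ValueError("short header")        # graceful rejection
    length = data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]                 # planted bug: trusts the length field
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload

def parse_record_fixed(data: bytes) -> bytes:
    """Same parser with the length field validated against the buffer size."""
    if len(data) < 2 or len(data) < 3 + data[1]:
        raise ValueError("truncated record")
    return parse_record(data)

def fuzz(target, iterations=2000, seed=1, max_len=16):
    """Feed random byte strings to target; return {exception name: shortest input}."""
    rng = random.Random(seed)                   # fixed seed so findings reproduce
    crashes = {}
    for _ in range(iterations):
        data = bytes(rng.randrange(256) for _ in range(rng.randrange(max_len)))
        try:
            target(data)
        except ValueError:
            continue                            # input rejected cleanly: not a finding
        except Exception as exc:                # anything else is unhandled: a "crash"
            name = type(exc).__name__
            if name not in crashes or len(data) < len(crashes[name]):
                crashes[name] = data
    return crashes

if __name__ == "__main__":
    for name, data in fuzz(parse_record).items():
        print(f"{name} reproduced by input {data.hex()}")
    print("fixed parser findings:", fuzz(parse_record_fixed))
```

Keeping the shortest input per exception type gives the developer a small reproducer that points at the faulty bounds check, which is the "indicates potential causes" step.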