Friday, April 29, 2005

Fuzzing

I attended OWASP's local chapter meeting for a presentation on Web Services Security. It was during the presentation that I learnt a new word: fuzzing. According to SPI Dynamics' website:
"Fuzzing" is an automated software testing technique that generates and submits random or sequential data to various areas of an application in an attempt to uncover security vulnerabilities. For example, when searching for buffer overflows, a tester can simply generate data of various sizes and send it to one of the application entry points to observe how the application handles it.
So you basically throw random data at a webservice or a web application to see how it reacts to your input. I've sometimes done this type of testing, but just learned that this is called fuzzing.
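
As an added illustration (not code from this post or from SPI Dynamics), here is a minimal in-process fuzzer that sends sequential and random inputs of various sizes to an entry point and records which ones it fails on. The `handle_request` target, its 64-byte buffer and all sample inputs are constructed for the example.

```python
import random

BUF_SIZE = 64  # constructed: size of the toy handler's fixed buffer


def handle_request(data: bytes) -> bytes:
    """Constructed toy entry point (hypothetical stand-in for the application).

    It copies input into a fixed-size buffer without checking the length,
    so oversized input raises IndexError, our stand-in for a crash.
    """
    buf = bytearray(BUF_SIZE)
    for i, b in enumerate(data):
        buf[i] = b  # missing bounds check: fails once i >= BUF_SIZE
    return bytes(buf[:len(data)])


def sequential_cases(max_size: int):
    """Sequential data: one input per size, 0..max_size."""
    for size in range(max_size + 1):
        yield b"A" * size


def random_cases(count: int, max_size: int, seed: int):
    """Random data: random length and random bytes, seeded so runs repeat."""
    rng = random.Random(seed)
    for _ in range(count):
        yield bytes(rng.randrange(256) for _ in range(rng.randint(0, max_size)))


def fuzz(target, cases):
    """Send every case to the target and record the ones it fails on."""
    failures = []
    for data in cases:
        try:
            target(data)
        except Exception as exc:  # any unhandled exception counts as a finding
            failures.append((len(data), type(exc).__name__))
    return failures


if __name__ == "__main__":
    seq = fuzz(handle_request, sequential_cases(128))
    print("smallest failing size:", min(size for size, _ in seq))
    rnd = fuzz(handle_request, random_cases(200, 128, seed=1))
    print("random inputs that failed:", len(rnd), "of 200")
```

The sequential sweep pins down the exact size at which the handler starts failing, while the random cases exercise arbitrary byte values at arbitrary lengths.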

It always feels good to learn something new. If you want to know more about fuzzing, check out this Wikipedia link on Fuzz testing.


Copyright Anand Jain 2004, 2005. All rights reserved.