"Web application fuzzing is a method of detecting a web application's vulnerabilities prior to deploying the application on a production system. Users of this approach send several malicious requests to the application and, based on the responses received, determine the application's security posture. Users also can apply fuzzing to perform tests on several different attack vectors such as SQL, XPATH, and LDAP injection, and error handling.
This article introduces web application fuzzing, using Ruby code to show how it works and demonstrate how to implement it. This example code can serve as a starting point for a framework; you can build advanced fuzzing software on top of it. Specifically, by completing the article, you will learn the following:
* Web fuzzing techniques with HTTP requests
* How to use a Ruby fuzzing framework
* How to leverage interactive Ruby (irb) for web fuzzing
* How to script the objects in Ruby for fuzzing
* How to detect vulnerabilities with fuzzing"
Link to this Story:
02/27/2007 Detect Your Web Application's Vulnerabilities Early with Ruby
Article Link: http://www.devx.com/security/Article/33559