What is a Security Fuzzer?

A Security fuzzer is a tool used by security professionals (and professional hackers :) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injection and Cross Site Scripting vulnerabilities. Web Vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer.

Popular free fuzzers include SPIKE Proxy, Peach Fuzzer Framework, and WebScarab.


Feed You can follow this conversation by subscribing to the comment feed for this post.

Post a comment

Remember personal info?