Secure Coding mailing list archives
Dark Reading - Desktop Security - Here Comes the (Web) Fuzz - Security News Analysis
From: ken at krvw.com (Kenneth Van Wyk)
Date: Tue, 27 Feb 2007 03:06:22 -0500
Here's an interesting article from Dark Reading about web fuzzers. Web fuzzing seems to be gaining some traction these days as a popular means of testing web apps and web services. http://www.darkreading.com/document.asp? doc_id=118162&f_src=darkreading_section_296 Any good/bad experiences and opinions to be shared here on SC-L regarding fuzzing as a means of testing web apps/services? I have to say I'm unconvinced, but agree that they should be one part--and a small one at that--of a robust testing regimen. Cheers, Ken P.S. I'm over in Belgium right now for SecAppDev (http:// www.secappdev.org). HD Moore wowed the class here with a demo of Metasploit 3.0. For those of you that haven't looked at this (soon to be released, but available in beta now) tool, you really should check it out. Although it's geared at the IT Security pen testing audience, I do believe that it has broader applicability as a framework for constructing one-off exploits against applications. ----- Kenneth R. van Wyk SC-L Moderator KRvW Associates, LLC http://www.KRvW.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://krvw.com/pipermail/sc-l/attachments/20070227/91e89a82/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://krvw.com/pipermail/sc-l/attachments/20070227/91e89a82/attachment.bin
Current thread:
- Dark Reading - Desktop Security - Here Comes the (Web) Fuzz - Security News Analysis Kenneth Van Wyk (Feb 27)
- Message not available
- Dark Reading - Desktop Security - Here Comes the (Web) Fuzz - Security News Analysis Kenneth Van Wyk (Feb 27)
- Message not available
- Dark Reading - Desktop Security - Here Comes the (Web) Fuzz - Security News Analysis Michael Silk (Feb 27)
- Dark Reading - Desktop Security - Here Comes the (Web) Fuzz - Security News Analysis Kenneth Van Wyk (Feb 27)
- Dark Reading - Desktop Security - Here Comes the (Web) Fuzz- Security News Analysis J. M. Seitz (Feb 27)