Using Fuzzing to Mine for Zero-Days
Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in today’s security landscape. Continue reading Using Fuzzing to Mine for Zero-Days
A group of researchers has found 42 zero-day flaws in a range of software tools using a new take on an old concept – fuzzing. Continue reading Faster fuzzing ferrets out 42 fresh zero-day flaws
Some fuzzers can be categorized as “input fuzzers”. Given a program input, they mutate it and generate another input, which has the potential to crash the program.
Now, I need to fuzz numerals and I hope the output of the f… Continue reading Use a fuzzing tool to mutate numbers to numbers
I’ve heard a lot about fuzzing website parameters with programs like OWASP-zap but what is the importance of it? A simple active scan finds vulnerabilities in a website such as XSS. So why do we need the fuzzer?
If someone … Continue reading What is the importance of fuzzing?
I find fuzzing a bit too basic a method when it comes to black box apps. I am specifically interested in how to find a vulnerability in network protocols. I have read “Attacking Network Protocols” but only fuzzing was discussed.
… Continue reading Are there other methods than fuzzing for black box?
Fuzzing, per a current Wikipedia definition, is defined the following way:
Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a compu… Continue reading Fuzzing versus Symbolic Execution — what’s the difference?
I am playing with XSS fuzzing and find the ZAP proxy very good, since I am able to utilize the fuzz option. I don’t have Burp Pro, so I can’t import lists into Repeater. My problem is that I’m able to manually provoke an XSS … Continue reading fuzzing xss mutillidae with OWASP ZAP
Of the nearly 200 papers on software fuzzing that have been published in the last three years, most of them—even some from high-impact conferences—are academic clamor. Fuzzing research suffers from inconsistent and subjective benchmarks, wh… Continue reading How to Spot Good Fuzzing Research
If a researcher found satisfiability in any software, is this a threat to security? If the answer is “Yes”, how can an attacker use SAT?
Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into the target system without valid credentials and achieve root/admin privileges. … Continue reading Vulnerabilities in smart card drivers open systems to attackers