Where: HP Technology Forum & Expo 2007, Mandalay Bay
Who: Michael Sutton, Security Evangelist
What: "Smashing Web Apps: Applying Fuzzing to Web Applications and Web Services"
When: Thursday, June 21, 2007 at 1:00 p.
For access to the full whitepaper, and more information on high-speed fuzzing, please visit: http://www.
Fuzzing is a natural part of the SDL: the entire fuzzing methodology promotes building security into systems, instead of protecting vulnerable systems.
Fuzzing should be used in every step in the software development lifecycle, from the first unit tests performed by developers to the last acceptance tests made before the product is released.
is a versatile and comprehensive security testing technique making it a most suitable tool for testing the reliability of novel communication devices or business critical systems and applications.
Codenomicon DEFENSICS product-line uses a methodology called fuzzing for the proactive elimination of critical security flaws before public exposure.
takes XML message structures and alters them in ways beyond imagination.
Due to a lack of widely available intelligent Fuzzing solutions, the XML industry has had little opportunity to find and fix the unknown vulnerabilities which can lead to security issues resulting in reduced network and service uptime.
Tarantula crawls Rails applications and identifies data breaks that are vulnerable to fuzzing
ThreatEx with protocol fuzzing allows users to pinpoint the exact data pattern that causes an error or fault in a primary system.
This approach differs significantly from any other analysis system, test or measurement platform, vulnerability assessment, penetration testing or basic fuzzing product in the market today.
Targeted to software engineers and developers of IP-based devices and embedded systems, the new feature enables these individuals to leverage the value of fuzzing by making it more practical to expedite testing for security holes.
(Artificial Intelligence) and Google malware searches are latest tools in the hacker toolbox
tools take an existing network protocol and 'fuzz' it, which means it sends malformed requests and analyzes the results," said Jenik.
Security penetration testing at the message level including SQL injections, XML bombs, parameter fuzzing, and XPath injections.