From the course: DevSecOps: Automated Security Testing


Automating a fuzzer


- [Instructor] One of the ways penetration testers and security engineers gain access to places they shouldn't be is just by guessing values for paths, or users, or whatever. This guessing is called fuzzing, and of course security testers don't generally do this manually; instead they outsource this task to automated fuzzers. This can lead to all sorts of goodness, such as finding hidden admin pages or finding temporary files with config information in them; sometimes it leads to finding test servers or test versions of the applications. In rare but particularly damaging situations, entire backups of the database get discovered. Fuzzers can also be used to attempt to overload the system by entering a bunch of junk, or unexpected input, to crash the application. This can lead to error messages that disclose sensitive information or invoke a denial of service situation. These are just a few scenarios of how fuzzers are used. In this course, we are going to use the open source…
