
Web Application Security Fuzzing Tools

By Martin English | January 18, 2008

A list of Web Application Security Fuzzing Tools from dragoslungu.com.

A Security Fuzzer is a tool designed to provide random data (i.e. fuzzy data) to an application's parameters. For web application testing, fuzzing means sending random data to the application to test especially for buffer overflows, parameter format checks, handling of various encodings, and error handling - basically to see what happens.

The results of a fuzzing test reveal application vulnerabilities which range from juicy stuff such as improper data sanitizing (which may allow SQL injection) to apparently harmless disclosure of application environment details such as OS version, Application Server version, database details and even private IP disclosure.

1. SPIKE Proxy
2. WebScarab
3. Burp Intruder
4. Wapiti
5. RFuzz The Web Destroyer
6. OWASP WSFuzzer
7. SPI Fuzzer
8. Suru Web Proxy
9. AppScan
10. ASP Auditor
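
The disclosure classes described above (OS and application server version banners, database details, private IP addresses) can be checked for mechanically once the responses from a fuzzing run have been saved. The following is an added example, not code from the original post or from any of the listed tools; the signature patterns and the sample responses are constructed for illustration.

```python
import ipaddress
import re

# Illustrative signatures (assumptions, not an exhaustive rule set).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+\.\d+")
DB_ERROR_RE = re.compile(
    r"SQL syntax.*?MySQL|ORA-\d{5}|ODBC SQL Server Driver|PostgreSQL.*?ERROR",
    re.IGNORECASE | re.DOTALL)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_ips(text):
    """Return the RFC 1918 addresses found in text, sorted."""
    found = set()
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # octet out of range, leading zeros, etc.
            continue
        if any(addr in net for net in RFC1918):
            found.add(candidate)
    return sorted(found)

def triage(response):
    """Classify one saved response; returns a list of (finding, evidence)."""
    findings = []
    for name, value in response["headers"].items():
        if name.lower() in BANNER_HEADERS and VERSION_RE.search(value):
            findings.append(("version-banner", f"{name}: {value}"))
    match = DB_ERROR_RE.search(response["body"])
    if match:
        findings.append(("database-error", match.group(0)[:60]))
    haystack = " ".join([response["body"], *response["headers"].values()])
    for ip in private_ips(haystack):
        findings.append(("private-ip", ip))
    if response["status"] >= 500:
        findings.append(("unhandled-error", str(response["status"])))
    return findings

# Constructed sample responses, as a fuzzing run might have saved them.
SAMPLE = [
    {"status": 200, "headers": {"Server": "nginx"}, "body": "<html>ok</html>"},
    {"status": 500,
     "headers": {"Server": "Apache/2.2.3 (CentOS)", "X-Powered-By": "PHP/5.1.6"},
     "body": "You have an error in your SQL syntax; check the manual for MySQL"},
    {"status": 302, "headers": {"Location": "http://192.168.10.5/login"}, "body": ""},
]
```

Running `triage` over each saved response gives a per-response list of findings that maps directly onto what to fix: suppress version banners, return generic error pages, and keep internal addresses out of redirects and bodies.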

Topics: Code, Security, Technology, Web / Web 2.0

 