Security testing, like any other kind of testing, has its challenges. It also has a wide variety of techniques and tools available to help solve those challenges. Fuzzing utilises automated tools that allow large data sets to be submitted to applications, often triggering interesting responses and allow potential issues and bugs to surface.
Fuzzing is one of my personal favourite techniques, because it is so useful for security testing, and finding all sorts of potential vulnerabilities in short order, Fuzzing can
supplement your existing testing skills and techniques to find all sorts of errors, when used with caution.
Fuzzing is a great way to utilise a huge variety of data in your testing. It’s powerful and versatile enough to use against all sorts of applications, with almost any kind of data. It can be used to elicit errors from a specific function or object, or to launch a brute force attack against an application. Fuzzing can even be built into automation and continuous integration strategies.
In this talk we will discover what fuzzing is and how it can support and enhance your testing strategies. We will identify some of the risks and problems of fuzzing, such as selecting the right targets and observing application behaviours when an application is being attacked. We will also explore some of the tooling available. Alongside practical demonstrations of the technique, this talk will help testers to apply technical learning beyond the functional and help them discover potential errors in an exciting and challenging way.