CCSK


Fuzzing?

  • 1.  Fuzzing?

    Posted 23 days ago

    Hello!

    In module 5 of the CCSK training they mention fuzzing when talking about DAST. I was wondering if anyone could provide more information about fuzzing? How does it work? 

    Thanks :)



    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: Fuzzing?

    CSA Instructor
    Posted 23 days ago
    Edited by Guillaume Boutisseau 23 days ago
    In short, fuzzing consists of feeding an application various types of wrong or bad/poisonous data and seeing whether it accepts it or breaks, which would point to bugs and vulnerabilities in the application code.


    OWASP has more here: https://owasp.org/www-community/Fuzzing .


    ------------------------------
    Guillaume Boutisseau
    CCSK Authorized Instructor, CCSP
    ------------------------------
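A minimal mutation fuzzer illustrating the reply above, added here as an example and not taken from the thread or the CCSK course. `parse_record` is a constructed, hypothetical target whose only documented failure is `ParseError`; the fuzzer mutates a valid seed and records every other exception as a bug, which is exactly the "feed it bad data and see if it breaks" loop. All names, the record format and the seed are assumptions of the example.

```python
import random

class ParseError(Exception):
    """Documented rejection path: the only exception bad input may raise."""

def parse_record(data: bytes) -> dict:
    """Constructed, hypothetical target: parse 'len:key=value;key=value'.
    Deliberately naive, so malformed input can escape as other exceptions."""
    if b":" not in data:
        raise ParseError("missing length prefix")
    length_field, body = data.split(b":", 1)
    length = int(length_field)                 # ValueError if prefix not numeric
    if length != len(body):
        raise ParseError("length mismatch")
    fields = {}
    for item in body.split(b";"):
        if not item:
            continue
        key, value = item.split(b"=", 1)       # ValueError if '=' is missing
        fields[key.decode()] = value.decode()  # UnicodeDecodeError on bad bytes
    return fields

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, insert, delete or truncate."""
    if not data:
        return bytes([rng.randrange(256)])
    i, choice = rng.randrange(len(data)), rng.randrange(4)
    if choice == 0:
        return data[:i] + bytes([data[i] ^ (1 << rng.randrange(8))]) + data[i + 1:]
    if choice == 1:
        return data[:i] + bytes([rng.randrange(256)]) + data[i:]
    if choice == 2:
        return data[:i] + data[i + 1:]
    return data[:i]

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0) -> dict:
    """Mutate the seed repeatedly and run the target; return a map of
    unexpected exception name -> first input that triggered it."""
    rng, crashes = random.Random(rng_seed), {}
    for _ in range(iterations):
        candidate = seed
        for _ in range(rng.randint(1, 3)):      # stack 1-3 mutations per case
            candidate = mutate(candidate, rng)
        try:
            target(candidate)
        except ParseError:
            continue                            # rejected cleanly: expected
        except Exception as exc:                # anything else is a finding
            crashes.setdefault(type(exc).__name__, candidate)
    return crashes
```

Calling `fuzz(parse_record, b"9:a=1;bb=22", 3000)` returns the exception types the parser leaked together with a reproducing input for each; every entry is either a bug to fix or a rejection the parser should have made explicit.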



  • 3.  RE: Fuzzing?

    CSA Instructor
    Posted 23 days ago
    Here is my understanding.
    Fuzzing and black-box testing are both DAST, but the difference is the following:
    Black-box testing is done without knowledge of the application's code logic. Vulnerability scans and penetration tests are the black-box tests.
    Fuzzing tests with knowledge of the code logic. Fuzzing can test whether bugs exist in the application code itself.

    Regards,
        - Morozumi

    ------------------------------
    Masahiro Morozumi
    Executive Director
    CSA Japan Chapter
    ------------------------------