Here is my understanding.
Fuzzing and black-box tests are DAST, but the difference is the following:
A black-box test is done without knowledge of the application code logic. Vulnerability scans and penetration tests are black-box tests.
Fuzzing tests with knowledge of the code logic. Fuzzing can test whether bugs exist in the application code itself.
Regards,
- Morozumi
------------------------------
Masahiro Morozumi
Executive Director
CSA Japan Chapter
------------------------------
Original Message:
Sent: May 25, 2021 01:42:55 PM
From: Jenna Morrison
Subject: Fuzzing?
Hello!
In module 5 of the CCSK training they mention fuzzing when talking about DAST. I was wondering if anyone could provide more information about fuzzing? How does it work?
Thanks :)
------------------------------
Jenna Morrison
Training Department Intern
Cloud Security Alliance
------------------------------
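As an added example (not part of either message and not CCSK course material), here is a minimal coverage-guided fuzzer that illustrates the reply's point that fuzzing can use knowledge of the code to find a bug in the application code itself. The target `parse_record`, its record format, and the helper names `run_with_coverage` and `fuzz` are all constructed for this illustration.

```python
import random
import sys

def parse_record(data: bytes) -> int:
    """Constructed target: magic b"CSA", 1-byte length, then payload bytes."""
    if len(data) < 4:
        return -1
    if data[0] != ord("C"):
        return -1
    if data[1] != ord("S"):
        return -1
    if data[2] != ord("A"):
        return -1
    total = 0
    for i in range(data[3]):      # bug: declared length is never checked
        total += data[4 + i]      # against len(data), so this can IndexError
    return total

def run_with_coverage(target, data):
    """Run target(data); return (line numbers executed in target, exception or None)."""
    lines = set()
    def tracer(frame, event, arg):
        if frame.f_code is target.__code__ and event == "line":
            lines.add(frame.f_lineno)
        return tracer
    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        target(data)
        return lines, None
    except Exception as exc:
        return lines, exc
    finally:
        sys.settrace(previous)

def fuzz(target, seed, max_iters=100_000, rng_seed=1):
    """Mutate one byte at a time; keep inputs that reach new lines of the target."""
    rng = random.Random(rng_seed)
    seen, _ = run_with_coverage(target, seed)
    corpus = [seed]
    for i in range(1, max_iters + 1):
        data = bytearray(rng.choice(corpus))
        data[rng.randrange(len(data))] = rng.randrange(256)
        lines, exc = run_with_coverage(target, bytes(data))
        if exc is not None:
            return bytes(data), exc, i        # crashing input found
        if not lines <= seen:                 # new code reached: keep as a seed
            seen |= lines
            corpus.append(bytes(data))
    return None, None, max_iters
```

Calling `fuzz(parse_record, bytes(4))` returns the crashing input, the exception, and the iteration count; the coverage feedback lets the fuzzer discover the magic bytes one at a time instead of having to guess all three at once.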