[SC-L] Dark Reading - Desktop Security - Here Comes the (Web) Fuzz - Security News Analysis

[Kenneth Van Wyk]

Here's an interesting article from Dark Reading about web fuzzers.   
Web fuzzing seems to be gaining some traction these days as a popular  
means of testing web apps and web services.

http://www.darkreading.com/document.asp? 
doc_id=118162&f_src=darkreading_section_296

Any good/bad experiences and opinions to be shared here on SC-L  
regarding fuzzing as a means of testing web apps/services?  I have to  
say I'm unconvinced, but agree that they should be one part--and a  
small one at that--of a robust testing regimen.

Cheers,

Ken

P.S. I'm over in Belgium right now for SecAppDev (http:// 
www.secappdev.org).  HD Moore wowed the class here with a demo of  
Metasploit 3.0.  For those of you that haven't looked at this (soon  
to be released, but available in beta now) tool, you really should  
check it out.  Although it's geared at the IT Security pen testing  
audience, I do believe that it has broader applicability as a  
framework for constructing one-off exploits against applications.
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20070227/91e89a82/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://krvw.com/pipermail/sc-l/attachments/20070227/91e89a82/attachment.bin