Fuzzing for Injections
Use fuzz testing to protect your web applications from injections.
During an injection attack, an attacker inserts damaging input into a web application. Processing this input can cause undefined behavior, reveal personal data, or even crash the application. Testing the web application itself presents a whole series of challenges, and so does testing the databases behind it. If security gaps and edge cases are not well secured, it is only a matter of time before attackers take advantage of them.
When an injection does happen, rigorous stability testing of your web application and database backups can be essential to your survival. However, there are also smart testing methods that automate these testing processes and allow you to fix injection vulnerabilities before they are exploited. Fuzz testing, for example, contributes enormously to ensuring the functional safety of software, and it is also suited to uncovering serious security vulnerabilities without false positives.
Developers have to pay more attention to injections. To this day, injections rank number one on the OWASP list of the 10 most common and dangerous security vulnerabilities for web applications.
Read full article: Are SQL Injections still a thing?
Automated fuzz testing has proven to be one of the most effective testing methods to detect OWASP vulnerabilities. This way, you can always be at least one step ahead of attackers.
Read full article: Using Fuzzing to Detect SQL Injections
If an injection vulnerability is exposed, attackers can gain access to your web application, databases or other sensitive data. Since injections can take many forms, it is important to protect your software against all possible types of injections.
Read full article: Injections - the Many-Faced Threat
Modern fuzzing engines feed applications with dynamic inputs to provoke unexpected or erroneous behavior.
Read full article: What Bugs Can you Find with Fuzzing?
The 10 Most Dangerous Types of Injections
Code Intelligence's new Java fuzzer enabled us to quickly find bugs and vulnerabilities in Java applications.
I knew a custom fuzzer I wrote way back was not particularly good, but I was still surprised when CI's fuzzer turned up a bunch of bugs that mine never caught. I was impressed with how well versed the CI folk are in identifying properties to check, and how on point the reports were.
Here, Simon Resch shows a novel approach that simplifies and automates your web application testing with modern fuzzing techniques.
In this webinar, our CTO Khaled Yakdan will show you how to use feedback-based fuzzing to find vulnerabilities in the backend of your web application. Learn to efficiently detect security vulnerabilities and bugs.
In this webinar, Simon Resch illustrates a novel approach that uses modern fuzzing techniques to help you automate your web application testing.