
Fuzzing: Brute Force Vulnerability Discovery by Pedram Amini, Adam Greene, Michael Sutton

Chapter 9. Web Application and Server Fuzzing

 

“I’m the master of low expectations.”

--George W. Bush, aboard Air Force One, June 4, 2003

We now move from local fuzzing to fuzzing in a client–server architecture. Specifically, we look at the fuzzing of Web applications and Web servers. As we discuss, fuzzing a Web application can also reveal vulnerabilities in the underlying Web server, but for simplicity, we refer to this class of fuzzing simply as Web application fuzzing going forward. Although the basic concepts remain consistent from network fuzzing, which was previously discussed, we must make a few adjustments. First, Web application inputs are numerous and often lie in nonobvious locations, so we’ll need to redefine what constitutes an ...
