9. Web Application and Server Fuzzing

“I’m the master of low expectations.”

George W. Bush, aboard Air Force One, June 4, 2003

We now move from local fuzzing to fuzzing in a client–server architecture. Specifically, we look at the fuzzing of Web applications and Web servers. As we discuss, fuzzing a Web application can also reveal vulnerabilities in the underlying Web server, but for simplicity, we refer to this class of fuzzing simply as Web application fuzzing going forward. Although the basic concepts remain consistent from network fuzzing, which was previously discussed, we must make a few adjustments. First, Web application inputs are numerous and often lie in nonobvious locations, so we’ll need to redefine what constitutes ...
