Skip to main content

Feb 13, 2019 - 1 minute read - Quora Technical Web Testing Security Testing

What is the best fuzzer (automated software testing tool) to find 0-days? Why? Quora Answer

Q: What is the best fuzzer (automated software testing tool) to find 0-days? Why?

A:

0-day is a very broad statement.

I tend to use the payload fuzzers in BurpSuite and OWasp Zap Proxy, but these require me to identify the target that I’m testing, and the appropriate data scope and range to fuzz.

I suspect you might be more interested in application or file based fuzzers.

Google have introduced a service for fuzzing applications.

github.com/google/oss-fuzz

There are many lists of fuzzers to read through.

New tools are being created for this all the time and there is a constant flood of research on fuzzing:

scholar.google.co.uk/scholar?hl=en&as_sdt=0%2C5&q=fuzzing&btnG=

Since the fuzzers all work at different levels and on different technologies you have to be very specific in your research to make sure you don’t overload yourself with tools (with is all too easy to do in Security Testing)

owasp.org/index.php/Fuzzing

Read this on Quora

Posted by Alan Richardson - in Quora Technical Web Testing Security Testing

All Posts | Evil Tester | Java For Testers | Selenium Simplified | All Categories | Archive

<< When getting rid of a browser, what are the advantages of using taskkill.exe over close method in Selenium? Quora
JavaScript Tutorial Creating a CounterString tool in Chrome Browser Dev Tools Snippets >>

You will need a Github account to comment. Or you can contact me with your comment.

I reserve the right to delete spam comments e.g. if your comment adds no value and its purpose is simply to create a backlink to another site offering training, or courses, or etc.

Hire Me - I'm an Expert

Contact

Contact Me

Join Email List

Email Privacy Details.

Online Training Courses

Selenium WebDriver With Java (15+ hours) for only $229

Selenium 2 WebDriver API course

Technical Web Testing Course ($10)

Technical Web Testing Course

Evil Tester Talks Bundle ($10)

Evil Tester Talks Technical Testing Bundle

See 4 More Courses

Join Our Mentoring Patreon Community

Gain access to hints, tips, and prompts for improving your testing skills. Regular updates, multiple times a week for only $5 per month.

Learn more about Patreon Mentoring

Books

Buy Dear Evil Tester Book Buy Java For Testers Book Buy Automating and Testing a REST API Buy Selenium Simplified Book

Learn more about our books

Free Agile Testing FAQs eBook

How does Software Testing fit into Agile Projects? Download our free brochure and find out.

Follow

Podcasts and Videos

Podcasts

Subscribe to my YouTube Channel

Web Testing Resource List

Need some motivation?

Try the Sloganizer

""

Recent Blog Posts

What to do if your Chrome Extension is Rejected from Chrome Store

How to Release a Chrome Extension to the Chrome Store

March 2019 EvilTester.com and Patreon Content Summary

Review of Emmet Re-view Chrome extension

Chrome functionality or extensions for responsive web testing?

Which is the best link checking tool?

What is Software Testing And Why Do We Test Software?

Are there any programming Katas related to testing?

Also...

Recommended Reading List