OWASP WSFuzzer Description

Fuzz testing or fuzzing is a software testing technique, that basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Consider an integer that stores the result of the user's selection between three questions. When the user selects one, he will have the option of choosing 0, 1, or 2. This gives us three possible cases. Integers will be stored in a static variable. If the default switch case is not implemented properly, the program can crash and cause "classical" security problems. Fuzzing is a form of automatic bug detection. Its role is to identify software implementation faults, and if possible, find them. A fuzzer program is a program which injects semi-random information into a stack or program and detects bugs. Generators are used to generate data, while debugging tools are used to identify vulnerabilities. Generators use a combination of static fuzzing vectors.

OWASP WSFuzzer Alternatives
Google ClusterFuzz Reviews
Google ClusterFuzz
ClusterFuzz provides a scalable fuzzing system that can be used to find security and stability issues within software. Google uses ClusterFuzz as the fuzzing engine for OSS Fuzz and to fuzz all Google Products. ClusterFuzz offers many features that allow fuzzing to be seamlessly integrated into the software development process. Fully automatic bug filing and triage for different issue trackers. Supports multiple coverages-guided fuzzing engines to achieve optimal results (with ensemble fuzzing and fuzzing strategy). Statistics to analyze fuzzer performance and crash rates. Web interface for managing and viewing crashes. Support for multiple authentication providers using Firebase. Support for black-box fuzzing, test case minimization and regression finding using bisection.
Learn more
go-fuzz Reviews
go-fuzz
Go-fuzz provides coverage-guided fuzzing for testing Go packages. Fuzzing is most useful for packages that parse binary and text inputs. It is also useful to harden systems that parse inputs that are potentially malicious (anything that is accepted over a LAN). Go Modules are now supported by go-fuzz. Please file an issue if you encounter a module problem. Data is a randomly generated input by go-fuzz. Note that it is usually invalid. The function must return 0 if no input should be added to the corpus, but the fuzzer must increase the priority. The fuzz function has to be in a package go-fuzz is able to import. This means that the code you wish to test cannot be in package main. However, fuzzing internal packages can be done.
Learn more
CI Fuzz Reviews
CI Fuzz
CI Fuzz provides robust and secure code, with 100% test coverage. Use CI Fuzz on the command line, or in your favorite IDE to generate thousands of automated test cases. CI Fuzz analyzes the code as it runs. It's like a unit-test, but with AI to cover all paths in the code. Say goodbye to false positives and theoretical issues. Find real issues and get all the information you need to reproduce them quickly and fix them. Test your code with maximum coverage and automatically detect typical security bugs such as injections and remote executions. Deliver the highest-quality software by being fully covered. CI Fuzz allows you to perform real-time code analyses. Unit tests at the next level. It uses AI to generate thousands of test cases and comprehensive code coverage. Maximize pipeline speed without compromising software integrity.
Learn more
Echidna Reviews
Echidna
Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar based fuzzing campaigns, based on an ABI contract, to falsify user defined predicates or Solidity statements. Echidna was designed with modularity in the mind. It can be easily expanded to include new mutations, or test specific contracts for specific cases. It generates inputs that are tailored to your code. Use optional corpus collection, mutation and guidance to find deeper bugs. Powered by Slither, to extract useful information prior to the fuzzing campaigns. Source code integration for identifying which lines have been covered after the fuzzing campaign. Interactive terminal UI with text-only output or JSON. Automatic test case minimization to speed up triage. Integration into the development workflow is seamless. Reporting of maximum gas usage during the fuzzing campaign. Support for the complex contract initialization process with Etheno, Truffle.
Learn more

Integrations

View Integrations

Reviews

Total
ease
features
design
support

No User Reviews. Be the first to provide a review:

Write a Review

Company Details

Company:
OWASP
Headquarters:
United States
Website:
owasp.org/www-community/Fuzzing

Media

OWASP WSFuzzer Screenshot 1
OWASP WSFuzzer Screenshot 1
Recommended Products
1Password makes it easy to store and share passwords anywhere, anytime Icon
1Password makes it easy to store and share passwords anywhere, anytime

More than a password manager.

Protect yourself, your family, or your global workforce with simple security, easy secret sharing, and actionable insight reports.
Start Today

Product Details

Platforms
Windows
Mac
Linux
Type of Training
Documentation
Webinars
Videos
Customer Support
Online

OWASP WSFuzzer Features and Options

OWASP WSFuzzer User Reviews

Write a Review
  • Previous
  • Next