Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: Parameter fuzzing and forced browsing
From: mikeiscool <michaelslists () gmail com>
Date: Thu, 10 Aug 2006 09:55:22 +1000

On 9 Aug 2006 14:26:59 -0000, indianwhitehathacker () yahoo com
<indianwhitehathacker () yahoo com> wrote:
I was going through the OWASP Top Ten Guide and I came across these terms:-


1. Parameter fuzzing

2. Forced browsing


What are these? Is forced browsing something like an attempt to access a resource that I am not supposed to access by 
putting the direct link with the necessary parameter values in a hope that may be in that page the authentication is 
broken?


Also, I read about fuzzers. Can someone throw light on what are fuzzers?

come on now, searching can give you all the answers...

but fuzzing is the process if sending in random data and seeing if the
app crashes. the data be close to real data (a little fuzzy) or not
close to real data at all (very fuzz).

'forced browsing' would, i guess, refer to the act of making the
victims browser visit a page they didn't intend. done via some xss or
even header injection into a badly santised 'redirect'.

but i'd think the OWASP Guide itself may document these things. maybe
not. i'm sure the appropriate person will comment at the suggestion it
doesn't, though :)

-- mic

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault