Re: sfuzz released

[yersinia <yersinia.spiros () gmail com>]

On Mon, Mar 9, 2009 at 4:43 PM, Aaron <apconole () yahoo com> wrote:

> Hello security people,
>   In the course of doing some work at my current place of employment, it
> has become necessary for us to do some SQA / blackbox testing, and while my
> first reach may have been SPIKE, alas our SQA folks don't have the
> time/patience/whatever to be able to build solid cases with it. So, doing
> what any good doobie does, I wrote a fuzzer that should be able to allow
> testing of commandline options, network processes, etc, called simple
> fuzzer. It can be found at http://aconole.brad-x.com/programs/sfuzz.html .
> It's reminiscent of easyfuzz from priest (whatever happened to those guys?).
> Hopefully, someone can find some use for it as a first-line fuzzer to be
> used in conjunction with SPIKE and other fuzzers.

As more and more user begin to use WAF as mod_security and the like (in
negative and positive model) fuzzer as sfuzz began to be useless. For
example, the core rule of mod_security dropped all the attempt of
sfuzz. Just for putting an other eye on the matter.

Best Regards

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave