Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: yersinia (yersinia.spirosgmail.com)
Date: Tue Mar 10 2009 - 03:40:48 CDT
On Mon, Mar 9, 2009 at 4:43 PM, Aaron <apconoleyahoo.com> wrote:
> Hello security people,
> In the course of doing some work at my current place of employment, it
> has become necessary for us to do some SQA / blackbox testing, and while my
> first reach may have been SPIKE, alas our SQA folks don't have the
> time/patience/whatever to be able to build solid cases with it. So, doing
> what any good doobie does, I wrote a fuzzer that should be able to allow
> testing of commandline options, network processes, etc, called simple
> fuzzer. It can be found at http://aconole.brad-x.com/programs/sfuzz.html .
> It's reminiscent of easyfuzz from priest (whatever happened to those guys?).
> Hopefully, someone can find some use for it as a first-line fuzzer to be
> used in conjunction with SPIKE and other fuzzers.
As more and more user begin to use WAF as mod_security and the like (in
negative and positive model) fuzzer as sfuzz began to be useless. For
example, the core rule of mod_security dropped all the attempt of
sfuzz. Just for putting an other eye on the matter.
Dailydave mailing list