[WEB SECURITY] the different between black box test and fuzzing test .
rohirp92 at yahoo.com
Mon Jun 20 05:42:01 EDT 2011
As an additional note, "efficient" fuzzing requires a little bit of knowledge of
For example, to write a very effective network fuzzer, you would need to know the
Similarly, for writing a file scanning fuzzer, you would need the file format, its
Also, as Andrew points out, often you need very deep white box analysis to
understand the results of fuzzing. For example, if it causes a crash, then why, how
From: Andrew Petukhov <petand at lvk.cs.msu.su>
To: 孙松柏 <lukesun629 at gmail.com>
Cc: websecurity at lists.webappsec.org
Sent: Tue, June 14, 2011 11:08:11 AM
Subject: Re: [WEB SECURITY] the different between black box test and fuzzing
"Black-box" - outlines the capabilities of a tester (i.e. provide input
and check output).
"Fuzzing" - outlines an idea for reaching the goal of testing. There
are different goals: security, acceptance, functional, etc.
To sum things up, these are different dimensions in testing:
capabilities, the goal of testing and the technique used to reach the goal.
For example, you can imagine white-box security testing using in-memory
fuzzing with dynamic taint analysis.
Hope that helps.
6/14/11 5:56 AM, 孙松柏 wrote:
> Hi everyone!
> I recently write a paper about open source WAVS.
> I am confused about the fuzzing test and the black box testing.
> Can anyone tell me the similarities and differences between them?
> Thanks for your precious time!
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org