As you might expect, some of the most recent fuzz testing news has to do with the Internet, specifically web browsers. Not too long ago, HD Moore, a security researcher, along with a set of colleagues used fuzzing to test the major browsers, mostly notably Internet Explorer, and found several hundred ways to make it crash. All in all, there were at least 50 defects, some of which could allow someone to gain control of a website user's Windows system. Moore and Co. found it easier to check the user applications (i.e. web browsers) than test the server itself. This also helps protect the user from the malicious websites that I mentioned earlier.
Of course, attackers have become more innovative when it comes to attacking a network's internal system through browsers. And apparently the internal systems are more vulnerable than the well-maintained external applications. Microsoft has done its part in fixing some of the most crucial vulnerabilities in Internet Explorer, but it would be interesting to see just how far they've come to this point.
Earlier this year, the company SPI Dynamics released a web fuzz testing tool specifically for web applications called Web Fuzz. The simplicity and ferocity with which web applications are made makes fuzz testing the ideal choice for detecting vulnerabilities, especially since they account for half of all defects. This was good news for developers because the vendors aren't likely to have their back when bugs start coming up in their apps. SPI Dynamics employee Michael Sutton describes the way fuzzing finds the simple vulnerabilities through a process called FUGGLE (Fuzzing Using Google Gets Low-hanging-fruit Easily):
... you can Google for sites that are going to be vulnerable to attack. Then you make a request for them using Google fuzzing to see if they could find indicators of what vulnerabilities [are there].
The new developments in fuzz testing grow by the day, it seems. The real innovations are in the field of customized tools designed to test specific software protocol. Some companies are providing libraries of reusable code that make customizing easier without having to start over. Yes, it's a fledgling industry now, but as the web grows and developers need ways to test their apps, so too will the fuzzing industry.
Search Engine News 
