This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP NYC AppSec 2008 Conference-SPEAKER-Yiannis Pavlosoglou"
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web == | == JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web == | ||
| + | [[Image:JBroFuzz-SplashScreen.jpg|thumb|500px|left|JBroFuzz Splash Screen]] | ||
The process of creating a stable and functional fuzzing tool for web applications, when examined in greater detail holds a number of caveats. With the ever-growing need for reliable penetration testing tools, [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz] in its short history, has been designed with the key objective of being able to fuzz the web. | The process of creating a stable and functional fuzzing tool for web applications, when examined in greater detail holds a number of caveats. With the ever-growing need for reliable penetration testing tools, [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz] in its short history, has been designed with the key objective of being able to fuzz the web. | ||
This talk aims to cover the evolution of development of this application, starting from the architectural design criteria, to the definition of fuzzers and generators, encompassing also the graphical user interface. Key areas covered will include: | This talk aims to cover the evolution of development of this application, starting from the architectural design criteria, to the definition of fuzzers and generators, encompassing also the graphical user interface. Key areas covered will include: | ||
| + | |||
| + | == Overview == | ||
* Designing fuzz categories (OWASP Testing Guide v2) | * Designing fuzz categories (OWASP Testing Guide v2) | ||
Latest revision as of 23:19, 1 February 2009
JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
The process of creating a stable and functional fuzzing tool for web applications, when examined in greater detail holds a number of caveats. With the ever-growing need for reliable penetration testing tools, JBroFuzz in its short history, has been designed with the key objective of being able to fuzz the web.
This talk aims to cover the evolution of development of this application, starting from the architectural design criteria, to the definition of fuzzers and generators, encompassing also the graphical user interface. Key areas covered will include:
Overview
- Designing fuzz categories (OWASP Testing Guide v2)
- Recursive fuzzing
- Replasive fuzzing
- How to build a core java fuzzing framework
- The need for BigInteger
- Fuzzers are iterators
- Limitations in implementing default HTTP/S connections
- Why not use a HTTP Commons implementation
- Calculating POST length re-writes
- GUI Design
- Sticking to Swing and AWT
- Building a standalone application
- Expanding JBroFuzz
- What is inside the jar file
- Implement your own fuzzer by extending JBroFuzz
This presentation will be interactive, with a number of demonstrations, relating to JBroFuzz's functionality and operation.
