It’s time again to do some good ol’ down home fuzzing on Windows and can’t forget to enable full page heap checking, else I could miss some important heap corruption issues. So to remind myself how to do this, let’s see:
1. First off, use a release version of the target application, not a debug! [...]
So we want to fuzz something SOAPy, again. Well here’s how we’re gonna do it. The approach I like to take with clients is a gray-box, or code-assisted penetration testing. Gray box analysis is a powerful technique combining input testing with source analysis, runtime tracing, profiling, and debugging to identify real issues [...]
Also tagged web servicesIs it worth the time to run input fuzzing tests against web services? When engaging a client for a security review I’m often the one to pose this question. Sure, why not… right? Well honestly there’s a more precise way to answer this question. First we really need to understand the [...]
Also tagged web services