Security testing allows you to evaluate the robustness of applications and systems and identify potential weaknesses that attackers may exploit. DAST and fuzzing are two popular, important, and proven security testing methods. DAST (dynamic application security testing) searches for security vulnerabilities and weaknesses by executing the application, whilst fuzz testing – or fuzzing – is an automated software testing method that injects invalid, malformed or unexpected inputs into a system to reveal software defects and vulnerabilities. Fuzzing is also a form of dynamic testing and can be seen as a form of DAST with its own specific testing technique.
Where typical, classic DAST solutions use black-box testing, fuzzing may apply white-box testing. Solely relying on DAST tools doesn’t necessarily give you an advantage over attackers, as attackers can also employ similar tools. To detect weaknesses earlier than attackers, companies need to leverage their knowledge about internal design. This is where the white-box fuzz testing approach is helpful.
Fuzz testing can be especially useful because malicious hackers often use fuzzing techniques to find software vulnerabilities. Fuzzing also helps you to uncover bugs that would not have been detected through more conventional testing methods (such as static analysis) or manual audits.
*** This is a Security Bloggers Network syndicated blog from Code Intelligence Blog authored by Natalia Kazankova. Read the original post at: https://www.code-intelligence.com/blog/from-dast-to-dawn-why-fuzzing-is-the-better-solution