Google touts Flayer fuzzing tool - Security Bytes

IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Security Bytes > Google touts Flayer fuzzing tool

» VIEW ALL POSTS Sep 18 2007 12:34PM GMT

Google touts Flayer fuzzing tool

Posted by: Bill Brenner

Application Security, Security Management

Search giant Google continues to make a big splash on the security front, inviting visitors to the Google Online Security Blog to try out Flayer, its new fuzzing tool.

Says Will Drewry of the Google security team: “At WOOT’07 I presented a paper on Flayer, a tool we developed internally to augment our security testing efforts. In particular, it allows for a fuzz testing technique that compromises between the original idea and the most complicated. Flayer makes it possible to remove input sanity checks at execution time. With the small investment of identifying these checks, Flayer allows for completely random testing to be performed with much higher efficacy. Already, we’ve uncovered multiple vulnerabilities in Internet-critical software using this approach.”

While Flayer is still in its early stages, he says it’s fully functional and available for download under the GNU Public License. He says external contributions and feedback are encouraged.

Google isn’t the only one to make new contributions to the fuzzing community.

Pedram Amini, head of TippingPoint’s security research group, has been busy with colleague Aaron Portnoy touting a fuzzing tool called the Sulley framework. He also co-wrote the recently-released book “Fuzzing: Brute Force Vulnerability Discovery” along with Michael Sutton and Adam Greene.

You can read more about Amini’s efforts in our recent Q&A feature.

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Visit Information Security Home | Information Security News | Information Security White Papers | Information Security Videos | Information Security Resources

Ask an IT Question

About the Blogger

Robert Westervelt

Twitter.com/rwestervelt Rob is a news reporter and editor for SearchSecurity.com. Since joining TechTarget in July 2003, Rob has covered SAP, Oracle and the database industry for SearchDatabase.com, SearchSAP.com and SearchOracle.com. Prior to joining TechTarget, Rob was a newspaper reporter for five years at The Day in New London, Conn., where he wrote a variety of crime, general news, government and business stories while covering towns in Southeastern Connecticut. A military veteran, Rob served four years with the U.S. Air Force, U.S. Forces Police in Kaiserslautern Germany. He holds a degree in journalism from the University of Connecticut. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Adobe Flash, Antivirus, antivirus software, Application Security, banking Trojan, card security, cloud security services, Compliance, Conficker, cybersecurity coordinator, Data Breaches and Identity Theft, Data Breaches and Identity Theft, data security, DHS, DLP technologies, federal cybersecurity, Firefox security, Identity and access management, Information Security Careers, Information Security Threats, Laws, Investigations and Ethics, malicious URLs, Microsoft Security, Microsoft Security Essentials, Mozilla security, Network Security, patch management, patching, PCI compliance, Phishing, Platform Security, Privacy, ransomeware, Rogue Antivirus, Security, security budgets, security conference, security jobs, Security Management, security research, Security Vendor News, ShmooCon, shortened URLs, social networking flaws, tokenization, Twitter security, Uncategorized, web application flaws, webmail security, Zeus Trojan

Security Wire Daily News

brought to you by SearchSecurity.com

Increase in Gumblar backdoors poses FTP credential problems
Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem.

Hackers to sharpen malware, malicious software in 2010
Symantec researchers predict an increase in attacks using social network architectures, third-party applications and URL shortening services.

Health Net healthcare data breach affects1.5 million
A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net custom...READ MORE

Massive T-Mobile UK security breach involves insiders
A UK agency suspects insiders are behind a massive data breach at T-Mobile UK where customer data was pilfered and sold to competitors.

InZero Systems launches hardware-based security gateway
New InZero gateway uses hardware to halt malware by separating the endpoint from the network and isolating desktop software.

Blog Roll

Help

Subscribe to Alerts

RSS feed of Security Bytes

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

Podcast Powered by podPress (v8.8)