FuzzDB, Seclist, and Big List of Naughty Strings are data input sources for security fuzz testing. Here, we will introduce how to dynamically generate your own security payloads for fuzz testing based on needs. Fuzz testing is a testing technique used to explore unexpected data input that can cause potential security issues such as buffer overflows, unhandled exceptions, or data injection attacks. Fuzz testing requires a massive systematic random data input, called a fuzz, to test the target application in an attempt to make it crash or go out of service.
The following diagram shows the relationship between the fuzz data, testing tools, and ZAP in web security. We will demonstrate the uses of Radamsa to generate testing data, and illustrate how to apply data-driven testing (DDT) techniques and testing tools to send fuzz data for web security testing. OWASP...