FuzzDB
FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. Attack Patterns - FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, http header crlf injections, SQL injection, NoSQL injection, and more. Discovery - The popularity of standard software packaging distribution formats and installers resulted in resources like logfiles and administrative directories frequently being located in a small number of predictable locations. FuzzDB contains a comprehensive dictionary, sor
FEATURES
SIMILAR TOOLS
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
Web-application vulnerability scanner with extensive coverage of security testing modules.
A vulnerable Android application demonstrating various security issues and vulnerabilities
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A hybrid mobile app for Android that intentionally contains vulnerabilities for testing and education
Vulnerable Android application for learning security concepts.
A Capture The Flag (CTF) platform for testing computer security skills
Weekly security newsletter with advisories from major software vendors
Automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.