[fuzzing] Hey all
Sergio 'shadown' Alvarez
shadown at gmail.com
Mon Mar 17 13:29:02 CDT 2008
Hi *,
Just to make the long story short.
If you mean fuzzing as following an RFC, implementing the specs as they
should be and so on, then that is something similar to performing decent
unit testing or algorithm/function testing; that would be so easy that I
think a 'Certification' is waaaaay too much.
Now, if you talk about fuzzing as it should be: Taking a target
application, combining reverse engineering to make your fuzzer cover all
the possible path-flows (not just code coverage) and instrument your
fuzzer to target specific areas. In that case fuzzing would be:
Fuzzing+Reverse Engineering+Runtime Analysis. To cover that, the skill
level is waaay superior to the previous one.
Then you get into the RE field...so please don't come with something
like, reverse engineering certifications....because it's so huge that
only very few guys are real authorities to talk about it.
That said, fuzzing is JUST ONE PART of the whole 'application
pentesting/auditing', where a proper skill level and creativity are needed.
So, no, I don't think fuzzing is certifiable, and I'm sure a lot of
people agree with me.
Cheers,
Sergio