Google's security team has released a fuzz testing tool that was used internally to find multiple vulnerabilities in Internet-critical software products.
The fuzzer, called Flayer, is an analysis and flow alteration tool that has been used to find errors in real software. In the past year, results from Flayer have led to the discovery of security holes in several open-source products, including OpenSSH, OpenSSL, LibTIFF and libPNG.
Fuzz testers, or fuzzers, are used during pen tests to pinpoint security vulnerabilities by sending random input to an application. If the program contains a vulnerability that leads to an exception, crash or server error, researchers can parse the results of the test to pinpoint the cause of the crash.