Here comes the FuzzDB

fuzzComposing test data is hard and composing security test data is many times harder, so the introduction of FuzzDB by Adam Muntner of the Mozilla security team is worth looking at for those who want to more effectively check the security of their applications. FuzzDB isn’t a database per se, but a collection of collections of categorised documents and includes:

and of course some documentation. All of this can be found on the FuzzDB project page on Google Code. Muntner offers a range of uses for the plain text documents of FuzzDB such as driving web app penetration tools, building automated scanners, checking for malicious inputs and testing network services. Over the next year he plans to move FuzzDB to a wiki to improve collaboration around its content, update various components, improve others, work out a consistent naming scheme and make it work better with OWASP’s ZED (Zed Attack Proxy) and Mozilla’s own Minion.