MSDN Webcast: Security Talk: File Fuzzing for Fun and Profit (Level 300)
Fuzzing is the most commonly used method for finding security flaws in software, but fuzzing can also be used by development teams to find and fix security holes before deployment. File fuzzing is a simple concept that is too often overlooked as a way to better secure applications that receive file input. This webcast explains how file fuzzing works, but mainly the presenter focuses on how to do file fuzzing practically, using both home-made and commercially available tools. The webcast shows how to generate the input and automate the testing process. The webcast also discusses the feasibility of covering entire search spaces and the various aspects and trade-offs of choosing different attack vectors.