Security Glossary
Comprehensive glossary of security terms, fuzzing concepts, and web application testing terminology.
C
Content Discovery
The process of finding hidden or unlinked content on a website: files, directories, backup copies, API endpoints and other resources that cannot be reached by following links from the visible pages. In practice this means requesting candidate paths taken from a wordlist and keeping only the responses that differ from the server's normal "not found" behaviour.
D
Directory Fuzzing
A technique for finding hidden directories and files on a web server by systematically requesting candidate path names from a wordlist, usually with common file extensions appended, and recording which requests are answered differently from a non-existent path. Also called directory brute-forcing.
E
Evolutionary Fuzzing
A fuzzing approach that uses genetic algorithms to evolve inputs toward a fitness goal, most often new code coverage: inputs that reach code not seen before are kept as parents and mutated further, the rest are discarded, so the fuzzer gradually works its way into deeper program states and finds bugs that purely random inputs would rarely reach.
F
Fuzzing
An automated software testing technique that feeds invalid, unexpected or random data to a program and monitors it for failures such as crashes, hangs, failing built-in assertions, memory-safety errors reported by a sanitizer, or resource leaks.
Fuzz Testing
Another name for fuzzing: a quality-assurance technique that feeds large volumes of malformed or random data to software, operating systems or network services in an attempt to make them crash, thereby exposing coding errors and security flaws.
FuFF (ffuf, "Fuzz Faster U Fool")
A fast web fuzzer written in Go that substitutes wordlist entries at a marked position (the FUZZ keyword) in a request, so URL paths, query parameters, headers and request bodies can all be fuzzed with the same tool. It is known for its high request throughput, flexible request construction, and powerful result filtering and matching.
False Positive
In fuzzing, a result that appears to indicate a vulnerability or an interesting resource but is benign or not exploitable in practice. A common web example is a server that answers every unknown path with HTTP 200 and a generic page, so every wordlist entry looks like a hit until that baseline response is filtered out.
False Negative
In fuzzing, a failure to detect a vulnerability or resource that actually exists in the target, for example because the wordlist did not contain the right path, an overly broad filter discarded the response as noise, or rate limiting prevented the request from ever being answered.
Filtering
FuFF's capability to drop results by status code, response size, word count, line count or regular expression, and its complementary matchers that keep only responses meeting a criterion, in order to reduce noise and focus on meaningful findings.
G
Generation-based Fuzzing
A fuzzing approach in which inputs are created from scratch from a specification or model of the input format rather than derived from existing samples. It is the approach of choice for systems with complex, highly structured inputs, where random mutation would mostly produce data that is rejected before it reaches interesting code.
Grammar-based Fuzzing
A fuzzing technique that uses a formal grammar (for example in BNF form) to produce inputs that are syntactically valid but semantically unusual: deep nesting, extreme lengths, rarely used productions or odd combinations of fields. Because the inputs pass the syntax check, they exercise the later stages of parsers and interpreters, which makes the technique well suited to testing those components.
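To show what generation-based and grammar-based fuzzing look like in code, here is an added example (not code from the original page): a small BNF-style grammar for HTTP query strings, a generator that expands it with a depth budget, and a check that the output is fed to a real parser. The grammar, symbol names and literal values are constructed for illustration; the expansion-cost trick that guarantees termination is a standard technique, not anything specific to FuFF.

```python
"""Grammar-based generation of HTTP query strings.

Added example, not code from the original page. The grammar, the symbol
names and the literal values are constructed for illustration.
"""
import random
import re
from typing import Dict, List, Optional, Set
from urllib.parse import parse_qs

# Nonterminal -> list of alternatives; each alternative is a list of tokens.
# Tokens written <like-this> are nonterminals, everything else is literal text.
QUERY_GRAMMAR: Dict[str, List[List[str]]] = {
    "<query>":   [["<pair>"], ["<pair>", "&", "<query>"]],
    "<pair>":    [["<key>", "=", "<value>"], ["<key>", "="], ["<key>"]],
    "<key>":     [["id"], ["page"], ["redirect"], ["debug"], ["<key>", "[]"]],
    "<value>":   [["<digits>"], ["<word>"], ["<long>"], [""], ["<encoded>"]],
    "<digits>":  [["<digit>"], ["<digit>", "<digits>"], ["-", "<digits>"]],
    "<digit>":   [[d] for d in "0123456789"],
    # syntactically fine values that application code rarely expects
    "<word>":    [["admin"], ["true"], ["null"], ["../"], ["%00"]],
    "<long>":    [["A" * 1024]],
    "<encoded>": [["%27"], ["%22"], ["%3C"], ["%0d%0a"]],
}

MAX_DEPTH = 10

def expansion_cost(grammar: Dict[str, List[List[str]]]) -> Dict[str, float]:
    """Fewest derivation steps needed to reach all-terminal text from each
    nonterminal (fixed-point iteration). Used to force termination."""
    cost = {sym: float("inf") for sym in grammar}
    changed = True
    while changed:
        changed = False
        for sym, alts in grammar.items():
            for alt in alts:
                c = 1 + sum(cost.get(tok, 0) for tok in alt)
                if c < cost[sym]:
                    cost[sym], changed = c, True
    return cost

def generate(grammar: Dict[str, List[List[str]]], symbol: str = "<query>",
             rng: Optional[random.Random] = None, depth: int = 0,
             cost: Optional[Dict[str, float]] = None) -> str:
    rng = rng if rng is not None else random.Random()
    cost = cost if cost is not None else expansion_cost(grammar)
    if symbol not in grammar:                # terminal: emit it literally
        return symbol
    alts = grammar[symbol]
    if depth >= MAX_DEPTH:                   # budget spent: take the cheapest way out
        alts = [min(alts, key=lambda a: sum(cost.get(t, 0) for t in a))]
    chosen = rng.choice(alts)
    return "".join(generate(grammar, tok, rng, depth + 1, cost) for tok in chosen)

def generate_corpus(n: int, seed: int = 1) -> List[str]:
    """n query strings from a seeded RNG, so a run can be reproduced."""
    rng = random.Random(seed)
    cost = expansion_cost(QUERY_GRAMMAR)
    return [generate(QUERY_GRAMMAR, "<query>", rng, 0, cost) for _ in range(n)]

# Shape every output must have: key, optional =value, joined by '&'.
QUERY_SHAPE = re.compile(
    r"(?:id|page|redirect|debug)(?:\[\])*(?:=[^&]*)?"
    r"(?:&(?:id|page|redirect|debug)(?:\[\])*(?:=[^&]*)?)*")

def matches_shape(query: str) -> bool:
    return QUERY_SHAPE.fullmatch(query) is not None

def exercise_parser(corpus: List[str]) -> Set[str]:
    """Feed every generated query to urllib's parser and collect the keys it
    produces; this is where oddities like 'id[]' or blank values show up."""
    keys: Set[str] = set()
    for q in corpus:
        keys.update(parse_qs(q, keep_blank_values=True))
    return keys

if __name__ == "__main__":
    corpus = generate_corpus(5)
    for q in corpus:
        print(q[:80])
    print("keys seen by parse_qs:", sorted(exercise_parser(corpus)))
```

The depth budget is what keeps recursive rules such as <digits> and <key> from running away: once the budget is spent, the generator always picks the alternative with the lowest precomputed expansion cost, which strictly decreases at each step. Replacing parse_qs with the application's own parameter handling turns this into a parameter fuzzer.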
I
Input Fuzzing
The process of supplying a wide range of values to an application's input points (form fields, headers, cookies, JSON fields) to observe how it handles valid, invalid and boundary data, such as empty values, very long strings, negative numbers and control characters.
M
Mutation-based Fuzzing
A fuzzing approach that takes existing valid inputs (seeds) and mutates them, for example by flipping bits, inserting or deleting bytes, duplicating blocks or substituting boundary values, to create test cases. It is effective when valid samples are available, because the mutants stay close enough to valid input to pass early checks and reach deeper logic.
P
Protocol Fuzzing
A specialized form of fuzzing that targets network protocol implementations by sending messages that are structurally plausible but contain malformed, out-of-range or mutually inconsistent fields (for instance a length field that does not match the payload actually sent), to find bugs in the parsing and state handling of the implementation.
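As an added example for the mutation-based and protocol fuzzing entries above (not code from the original page), here is a minimal mutation fuzzer run against a constructed length-prefixed message parser. The wire format, the parser, its bug and the hardened variant are all made up for illustration; the deterministic stage followed by random "havoc" mutations mirrors how coverage-guided fuzzers schedule their work, but no real tool's code is used.

```python
"""Mutation-based fuzzing of a small length-prefixed protocol parser.

Added example, not code from the original page. The wire format, the parser,
its bug and the hardened variant are all constructed for illustration.
"""
import random
from typing import Callable, Iterator, Optional, Tuple

# Constructed format: [len:1][payload:len][checksum:1], checksum = sum(payload) & 0xff

def parse_message(data: bytes) -> bytes:
    """Vulnerable parser: trusts the length byte. If it claims more bytes than
    were received, the checksum read falls off the end (IndexError)."""
    if not data:
        raise ValueError("empty message")           # expected rejection
    length = data[0]
    payload = data[1:1 + length]
    checksum = data[1 + length]                     # <-- unchecked read
    if checksum != sum(payload) & 0xff:
        raise ValueError("bad checksum")            # expected rejection
    return payload

def parse_message_fixed(data: bytes) -> bytes:
    """Hardened parser: the declared length must match the bytes received."""
    if not data:
        raise ValueError("empty message")
    length = data[0]
    if len(data) != 2 + length:
        raise ValueError("length field does not match message size")
    payload = data[1:1 + length]
    if data[1 + length] != sum(payload) & 0xff:
        raise ValueError("bad checksum")
    return payload

def encode_message(payload: bytes) -> bytes:
    return bytes([len(payload)]) + payload + bytes([sum(payload) & 0xff])

EXPECTED_ERRORS = (ValueError,)    # rejections the protocol is supposed to produce

def deterministic_mutations(seed: bytes) -> Iterator[bytes]:
    """Every single-bit flip, then every single-byte deletion of the seed."""
    for i in range(len(seed)):
        for bit in range(8):
            m = bytearray(seed)
            m[i] ^= 1 << bit
            yield bytes(m)
    for i in range(len(seed)):
        yield seed[:i] + seed[i + 1:]

def random_mutation(seed: bytes, rng: random.Random) -> bytes:
    """One random havoc-style mutation of the seed."""
    m = bytearray(seed)
    op = rng.choice(("flip", "insert", "delete", "dup", "boundary"))
    if op == "flip" and m:
        m[rng.randrange(len(m))] ^= 1 << rng.randrange(8)
    elif op == "insert":
        m.insert(rng.randint(0, len(m)), rng.randrange(256))
    elif op == "delete" and m:
        del m[rng.randrange(len(m))]
    elif op == "dup" and m:                # duplicate a block in place
        a = rng.randrange(len(m))
        b = rng.randint(a, len(m))
        m[b:b] = m[a:b]
    elif op == "boundary" and m:           # interesting byte values
        m[rng.randrange(len(m))] = rng.choice((0x00, 0x01, 0x7f, 0x80, 0xff))
    return bytes(m)

def fuzz(target: Callable[[bytes], bytes], seed: bytes, iterations: int = 2000,
         rng_seed: int = 0) -> Optional[Tuple[bytes, Exception]]:
    """Deterministic stage first, then random mutations. Returns the first
    input that raises an exception the protocol does not define, or None."""
    rng = random.Random(rng_seed)

    def candidates() -> Iterator[bytes]:
        yield from deterministic_mutations(seed)
        for _ in range(iterations):
            yield random_mutation(seed, rng)

    for cand in candidates():
        try:
            target(cand)
        except EXPECTED_ERRORS:
            continue                        # rejected on purpose, not a bug
        except Exception as exc:            # anything else is a finding
            return cand, exc
    return None

if __name__ == "__main__":
    seed = encode_message(b"hello")
    print("vulnerable parser:", fuzz(parse_message, seed))
    print("hardened parser:  ", fuzz(parse_message_fixed, seed))
```

The distinction between EXPECTED_ERRORS and everything else is the part worth copying: a protocol parser is allowed to reject input, and treating every exception as a crash would bury the real finding (the IndexError from the unchecked length) under thousands of "bad checksum" rejections.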
Parameter Fuzzing
A technique that tests different parameter names and values in URL query strings, form bodies, JSON bodies or headers to discover undocumented parameters (debug switches, alternate identifiers) or input-handling vulnerabilities in how the application processes them.
R
Result Filtering
The process of reducing the output of a fuzzing run to the responses worth a human's attention, typically by dropping responses that share a status code, size, word count, line count or body pattern with the server's baseline "not found" answer, or by keeping only those that match a chosen criterion.
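The content discovery, directory fuzzing, false positive, filtering and result filtering entries describe one workflow, so here is a single added example (not code from the original page and not ffuf's own code) that runs it end to end against an in-memory server. The server, its routes, the wordlist and the extensions are constructed for illustration; the status, size, words and lines fields are the same quantities FuFF filters and matches on, and the baseline calibration step is what turns a soft-404 server from eighteen false positives into four real hits.

```python
"""Directory fuzzing with a wordlist, baseline calibration and result filtering.

Added example, not code from the original page and not ffuf's own code. The
in-memory "server", its routes, the wordlist and the extensions are constructed
for illustration.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed target. Unknown paths get a "soft 404": HTTP 200 with a generic
# page, so a naive fuzzer reports every wordlist entry as a hit (false positives).
ROUTES: Dict[str, Tuple[int, str]] = {
    "/":           (200, "<html><body>Welcome to the shop</body></html>"),
    "/admin":      (301, "Moved Permanently\n"),
    "/admin/":     (403, "Forbidden\n"),
    "/backup.zip": (200, "PK\x03\x04" + "x" * 2048),
    "/api/users":  (200, '{"users":[{"id":1,"name":"alice"},{"id":2,"name":"bob"}]}'),
    "/config.php": (200, ""),                        # script ran, printed nothing
}
SOFT_404 = (200, "<html><body>Sorry, the page you requested was not found.</body></html>")

def fake_get(path: str) -> Tuple[int, str]:
    return ROUTES.get(path, SOFT_404)

@dataclass(frozen=True)
class Result:
    path: str
    status: int
    size: int       # bytes in body
    words: int      # whitespace-separated tokens
    lines: int      # newline count

    @property
    def signature(self) -> Tuple[int, int, int, int]:
        return (self.status, self.size, self.words, self.lines)

def probe(path: str) -> Result:
    status, body = fake_get(path)
    return Result(path, status, len(body), len(body.split()), body.count("\n"))

def candidates(wordlist: Iterable[str], extensions: Iterable[str] = ("",)) -> List[str]:
    """wordlist x extensions, de-duplicated, order preserved."""
    seen: Set[str] = set()
    out: List[str] = []
    for word in wordlist:
        for ext in extensions:
            path = "/" + word.strip("/") + ext
            if path not in seen:
                seen.add(path)
                out.append(path)
    return out

def calibrate_baseline(samples: int = 3) -> Optional[Tuple[int, int, int, int]]:
    """Request paths that cannot exist. If they all look alike, that look is the
    server's 'not found' signature and can be subtracted from the results."""
    sigs = {probe("/" + secrets.token_hex(12)).signature for _ in range(samples)}
    return sigs.pop() if len(sigs) == 1 else None

def fuzz_directory(wordlist: Iterable[str], extensions: Iterable[str] = ("",),
                   calibrate: bool = True,
                   filter_codes: Set[int] = frozenset(), filter_sizes: Set[int] = frozenset(),
                   filter_words: Set[int] = frozenset(), filter_lines: Set[int] = frozenset()
                   ) -> List[Result]:
    baseline = calibrate_baseline() if calibrate else None
    hits: List[Result] = []
    for path in candidates(wordlist, extensions):
        r = probe(path)
        if baseline is not None and r.signature == baseline:
            continue                                  # auto-calibrated noise
        if (r.status in filter_codes or r.size in filter_sizes
                or r.words in filter_words or r.lines in filter_lines):
            continue                                  # explicit filters
        hits.append(r)
    return hits

WORDLIST = ["admin", "backup", "api/users", "config", "login", "images"]   # constructed
EXTENSIONS = ["", ".zip", ".php"]

if __name__ == "__main__":
    for r in fuzz_directory(WORDLIST, EXTENSIONS):
        print(f"{r.status} {r.size:>6}B {r.words:>3}w {r.lines:>2}l  {r.path}")
```

Two details matter when porting this to a real target. First, calibrate with several random paths and only trust the baseline if they agree; a server whose error page embeds the requested path will vary in size, and a baseline taken from one sample would then hide nothing. Second, filter after calibration rather than instead of it: a filter on status 200 would have discarded the empty /config.php and the 2 KB archive along with the noise.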
U
URL Fuzzing
The process of substituting many different values into parts of a URL (path segments, file names, extensions, query parameters) to discover hidden endpoints, directories, files or vulnerabilities in a web application.
W
Web Fuzzer
A tool built for fuzzing web applications by manipulating HTTP requests: it substitutes test values into URL paths and parameters, form fields, JSON bodies, headers and cookies, sends the requests automatically, and reports responses that reveal hidden content or suggest a vulnerability.
Wordlist
A list of words, paths, parameter names or patterns used in fuzzing and brute-force attacks to systematically test inputs against a target. Coverage depends on the list more than on the tool: a wordlist built for the target's technology (framework-specific paths, common backup and configuration file names) finds more with fewer requests than a generic one.
Ready to apply these concepts?
Try our FuFF Generator to create powerful fuzzing commands for your web application security testing.