CINXE.COM

Fuzzing: Common Tools and Techniques | Coalfire

<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="/favicon.png" /> <link rel="stylesheet" href="https://use.typekit.net/rln4yer.css"> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Lustria&display=swap" rel="stylesheet"> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-M5HMLKB');</script> <!-- End Google Tag Manager --> <script type="module" src="https://coalfire.com/dist/main-7ae81909.js" crossorigin onload="e=new CustomEvent(&#039;vite-script-loaded&#039;, {detail:{path: &#039;assets/js/main.js&#039;}});document.dispatchEvent(e);"></script> <link href="https://coalfire.com/dist/main-781c4d01.css" rel="stylesheet"> <script src="https://code.jquery.com/jquery-3.4.1.min.js"></script> <title>Fuzzing: Common Tools and Techniques | Coalfire</title><meta name="generator" content="SEOmatic"> <meta name="description" content="Fuzzing is a software testing methodology that can be used from either a black or white box perspective."> <meta name="referrer" content="no-referrer-when-downgrade"> <meta name="robots" content="max-image-preview:large,max-snippet:-1,max-video-preview:-1"> <meta content="en_US" property="og:locale"> <meta content="Coalfire" property="og:site_name"> <meta content="website" property="og:type"> <meta content="https://coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques" property="og:url"> <meta content="Fuzzing: Common Tools and Techniques" property="og:title"> <meta content="Fuzzing is a software testing methodology that can be used from either a black or white box perspective." property="og:description"> <meta content="https://assets.coalfire.com/prod/images/transforms/_1200x630_crop_center-center_82_none/default-card.png?mtime=1710449265" property="og:image"> <meta content="1200" property="og:image:width"> <meta content="630" property="og:image:height"> <meta content="https://www.youtube.com/channel/UC94x12L8MJJP70afk6FRrOg" property="og:see_also"> <meta content="https://www.linkedin.com/company/coalfire-systems-inc-/" property="og:see_also"> <meta content="https://www.facebook.com/coalfiresys/" property="og:see_also"> <meta content="https://twitter.com/coalfire" property="og:see_also"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@CoalfireSys"> <meta name="twitter:creator" content="@CoalfireSys"> <meta name="twitter:title" content="Fuzzing: Common Tools and Techniques"> <meta name="twitter:description" content="Fuzzing is a software testing methodology that can be used from either a black or white box perspective."> <meta name="twitter:image" content="https://assets.coalfire.com/prod/images/transforms/_800x418_crop_center-center_82_none/default-card.png?mtime=1710449265"> <meta name="twitter:image:width" content="800"> <meta name="twitter:image:height" content="418"> <link href="https://coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques" rel="canonical"> <link href="https://coalfire.com/" rel="home"> <link type="text/plain" href="https://coalfire.com/humans.txt" rel="author"></head> <body class="blog-page" > <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M5HMLKB" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <svg style="visibility: hidden; position: absolute; height: 0" width="0" height="0"> <defs> <filter id="svg-round"> <feGaussianBlur in="SourceGraphic" stdDeviation="5" result="blur" /> <feColorMatrix in="blur" mode="matrix" values="1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 19 -9" result="goo" /> <feComposite in="SourceGraphic" in2="goo" operator="atop"/> </filter> <linearGradient id="maggradient" gradientUnits="userSpaceOnUse" x1="29.2105" y1="57.6593" x2="21.6378" y2="5.7308" gradientTransform="matrix(1 0 0 -1 0 58.922)"> <stop offset="0" style="stop-color:#65D2E7"/> <stop offset="1" style="stop-color:#ECFFD3"/> </linearGradient> <linearGradient id="quotegradient" gradientUnits="userSpaceOnUse" x1="18.5046" y1="33.3031" x2="18.4009" y2="1.6873" gradientTransform="matrix(1 0 0 -1 0 33.3128)"> <stop offset="0" style="stop-color:#65D2E7"/> <stop offset="1" style="stop-color:#ECFFD3"/> </linearGradient> <linearGradient id="standardIconGradient" gradientTransform="rotate(90)"> <stop offset="0" stop-color="#65D2E7" /> <stop offset="1" stop-color="#ECFFD3" /> </linearGradient> <linearGradient id="dotsGradient" x1="1.49414" y1="2.23047" x2="282.432" y2="-55.9824" gradientUnits="userSpaceOnUse"> <stop stop-color="#65D2E7"/> <stop offset="1" stop-color="#ECFFD3"/> </linearGradient> </defs> </svg> <svg style="display:none;height:0;"> <symbol id="fa-arrow-right-long" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M502.6 278.6c12.5-12.5 12.5-32.8 0-45.3l-128-128c-12.5-12.5-32.8-12.5-45.3 0s-12.5 32.8 0 45.3L402.7 224 32 224c-17.7 0-32 14.3-32 32s14.3 32 32 32l370.7 0-73.4 73.4c-12.5 12.5-12.5 32.8 0 45.3s32.8 12.5 45.3 0l128-128z"/> </symbol> <symbol id="fa-arrow-left-long" viewBox="0 0 512 512"> <path d="M9.4 233.4c-12.5 12.5-12.5 32.8 0 45.3l128 128c12.5 12.5 32.8 12.5 45.3 0s12.5-32.8 0-45.3L109.3 288 480 288c17.7 0 32-14.3 32-32s-14.3-32-32-32l-370.7 0 73.4-73.4c12.5-12.5 12.5-32.8 0-45.3s-32.8-12.5-45.3 0l-128 128z"/> <symbol id="fa-angle-down" viewBox="0 0 448 512"> </symbol> <symbol id="fa-angle-down" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M212.7 331.3c6.2 6.2 16.4 6.2 22.6 0l160-160c6.2-6.2 6.2-16.4 0-22.6s-16.4-6.2-22.6 0L224 297.4 75.3 148.7c-6.2-6.2-16.4-6.2-22.6 0s-6.2 16.4 0 22.6l160 160z"/> </symbol> <symbol id="fa-angle-down-light" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M218.3 333.7c3.1 3.1 8.2 3.1 11.3 0l176-176c3.1-3.1 3.1-8.2 0-11.3s-8.2-3.1-11.3 0L224 316.7 53.7 146.3c-3.1-3.1-8.2-3.1-11.3 0s-3.1 8.2 0 11.3l176 176z"/> </symbol> <symbol id="fa-arrow-right-long-light" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M507.3 267.3c6.2-6.2 6.2-16.4 0-22.6l-144-144c-6.2-6.2-16.4-6.2-22.6 0s-6.2 16.4 0 22.6L457.4 240 16 240c-8.8 0-16 7.2-16 16s7.2 16 16 16l441.4 0L340.7 388.7c-6.2 6.2-6.2 16.4 0 22.6s16.4 6.2 22.6 0l144-144z"/> </symbol> <symbol id="fa-arrow-right-long-heavy" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M502.6 278.6c12.5-12.5 12.5-32.8 0-45.3l-128-128c-12.5-12.5-32.8-12.5-45.3 0s-12.5 32.8 0 45.3L402.7 224 32 224c-17.7 0-32 14.3-32 32s14.3 32 32 32l370.7 0-73.4 73.4c-12.5 12.5-12.5 32.8 0 45.3s32.8 12.5 45.3 0l128-128z"/> </symbol> <symbol id="fa-arrow-left-long-heavy" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M9.4 233.4c-12.5 12.5-12.5 32.8 0 45.3l128 128c12.5 12.5 32.8 12.5 45.3 0s12.5-32.8 0-45.3L109.3 288 480 288c17.7 0 32-14.3 32-32s-14.3-32-32-32l-370.7 0 73.4-73.4c12.5-12.5 12.5-32.8 0-45.3s-32.8-12.5-45.3 0l-128 128z"/> </symbol> <symbol id="fa-angle-left" viewBox="0 0 320 512"> <path fill="var(--fill-color, currentColor)" d="M52.7 267.3c-6.2-6.2-6.2-16.4 0-22.6l160-160c6.2-6.2 16.4-6.2 22.6 0s6.2 16.4 0 22.6L86.6 256 235.3 404.7c6.2 6.2 6.2 16.4 0 22.6s-16.4 6.2-22.6 0l-160-160z"/> </symbol> <symbol id="fa-angle-right" viewBox="0 0 320 512"> <path d="M278.6 256l-11.3 11.3-160 160L96 438.6 73.4 416l11.3-11.3L233.4 256 84.7 107.3 73.4 96 96 73.4l11.3 11.3 160 160L278.6 256z"/> </symbol> <symbol id="fa-square-facebook" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M64 32C28.7 32 0 60.7 0 96V416c0 35.3 28.7 64 64 64h98.2V334.2H109.4V256h52.8V222.3c0-87.1 39.4-127.5 125-127.5c16.2 0 44.2 3.2 55.7 6.4V172c-6-.6-16.5-1-29.6-1c-42 0-58.2 15.9-58.2 57.2V256h83.6l-14.4 78.2H255V480H384c35.3 0 64-28.7 64-64V96c0-35.3-28.7-64-64-64H64z"/> </symbol> <symbol id="fa-x-twitter" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8L200.7 275.5 26.8 48H172.4L272.9 180.9 389.2 48zM364.4 421.8h39.1L151.1 88h-42L364.4 421.8z"/> </symbol> <symbol id="fa-linkedin-in" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M100.3 448H7.4V148.9h92.9zM53.8 108.1C24.1 108.1 0 83.5 0 53.8a53.8 53.8 0 0 1 107.6 0c0 29.7-24.1 54.3-53.8 54.3zM447.9 448h-92.7V302.4c0-34.7-.7-79.2-48.3-79.2-48.3 0-55.7 37.7-55.7 76.7V448h-92.8V148.9h89.1v40.8h1.3c12.4-23.5 42.7-48.3 87.9-48.3 94 0 111.3 61.9 111.3 142.3V448z"/> </symbol> <symbol id="fa-youtube" viewBox="0 0 576 512"> <path fill="var(--fill-color, currentColor)" d="M549.7 124.1c-6.3-23.7-24.8-42.3-48.3-48.6C458.8 64 288 64 288 64S117.2 64 74.6 75.5c-23.5 6.3-42 24.9-48.3 48.6-11.4 42.9-11.4 132.3-11.4 132.3s0 89.4 11.4 132.3c6.3 23.7 24.8 41.5 48.3 47.8C117.2 448 288 448 288 448s170.8 0 213.4-11.5c23.5-6.3 42-24.2 48.3-47.8 11.4-42.9 11.4-132.3 11.4-132.3s0-89.4-11.4-132.3zm-317.5 213.5V175.2l142.7 81.2-142.7 81.2z"/> </symbol> <symbol id="fa-magnifying-glass" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M368 208A160 160 0 1 0 48 208a160 160 0 1 0 320 0zM337.1 371.1C301.7 399.2 256.8 416 208 416C93.1 416 0 322.9 0 208S93.1 0 208 0S416 93.1 416 208c0 48.8-16.8 93.7-44.9 129.1l124 124 17 17L478.1 512l-17-17-124-124z"/> </symbol> <symbol id="fa-instagram" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M224.1 141c-63.6 0-114.9 51.3-114.9 114.9s51.3 114.9 114.9 114.9S339 319.5 339 255.9 287.7 141 224.1 141zm0 189.6c-41.1 0-74.7-33.5-74.7-74.7s33.5-74.7 74.7-74.7 74.7 33.5 74.7 74.7-33.6 74.7-74.7 74.7zm146.4-194.3c0 14.9-12 26.8-26.8 26.8-14.9 0-26.8-12-26.8-26.8s12-26.8 26.8-26.8 26.8 12 26.8 26.8zm76.1 27.2c-1.7-35.9-9.9-67.7-36.2-93.9-26.2-26.2-58-34.4-93.9-36.2-37-2.1-147.9-2.1-184.9 0-35.8 1.7-67.6 9.9-93.9 36.1s-34.4 58-36.2 93.9c-2.1 37-2.1 147.9 0 184.9 1.7 35.9 9.9 67.7 36.2 93.9s58 34.4 93.9 36.2c37 2.1 147.9 2.1 184.9 0 35.9-1.7 67.7-9.9 93.9-36.2 26.2-26.2 34.4-58 36.2-93.9 2.1-37 2.1-147.8 0-184.8zM398.8 388c-7.8 19.6-22.9 34.7-42.6 42.6-29.5 11.7-99.5 9-132.1 9s-102.7 2.6-132.1-9c-19.6-7.8-34.7-22.9-42.6-42.6-11.7-29.5-9-99.5-9-132.1s-2.6-102.7 9-132.1c7.8-19.6 22.9-34.7 42.6-42.6 29.5-11.7 99.5-9 132.1-9s102.7-2.6 132.1 9c19.6 7.8 34.7 22.9 42.6 42.6 11.7 29.5 9 99.5 9 132.1s2.7 102.7-9 132.1z"/> </symbol> <symbol id="fa-circle-play" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M0 256a256 256 0 1 1 512 0A256 256 0 1 1 0 256zM188.3 147.1c-7.6 4.2-12.3 12.3-12.3 20.9V344c0 8.7 4.7 16.7 12.3 20.9s16.8 4.1 24.3-.5l144-88c7.1-4.4 11.5-12.1 11.5-20.5s-4.4-16.1-11.5-20.5l-144-88c-7.4-4.5-16.7-4.7-24.3-.5z"/> </symbol> <symbol id="fa-hexagon-xmark" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M36.9 256L146.6 64H365.4L475.1 256 365.4 448H146.6L36.9 256zM128 32L0 256 128 480H384L512 256 384 32H128zm63.4 136.8l-22.6 22.6 11.3 11.3L233.4 256l-53.3 53.3-11.3 11.3 22.6 22.6 11.3-11.3L256 278.6l53.3 53.3 11.3 11.3 22.6-22.6-11.3-11.3L278.6 256l53.3-53.3 11.3-11.3-22.6-22.6-11.3 11.3L256 233.4l-53.3-53.3-11.3-11.3z"/> </symbol> <symbol id="mag-with-gradient" viewBox="0 0 48.2 57"> <path fill="url(#maggradient)" d="M8.1,4.2c4.4-3.3,9.8-4.5,14.9-3.8s9.9,3.4,13.2,7.8c3.3,4.4,4.5,9.8,3.8,14.9c-0.6,4.4-2.7,8.6-6.1,11.8 L47.6,53c0.7,1,0.5,2.4-0.4,3.1c-1,0.7-2.4,0.5-3.1-0.4L30.4,37.5c-4,2.4-8.6,3.2-13,2.6c-5.1-0.7-9.9-3.4-13.2-7.8 c-3.3-4.4-4.5-9.8-3.8-14.9C1,12.3,3.7,7.5,8.1,4.2z M22.3,4.7c-4-0.6-8.1,0.4-11.6,3C7.3,10.3,5.2,14,4.6,18c-0.6,4,0.4,8.1,3,11.6 c2.6,3.5,6.3,5.5,10.3,6.1c4,0.6,8.1-0.4,11.6-3c3.5-2.6,5.5-6.3,6.1-10.3c0.6-4-0.4-8.1-3-11.6C30.1,7.4,26.3,5.3,22.3,4.7z"/> </symbol> <symbol id="quote-gradient" viewBox="0 0 37.1 31.7"> <path fill="url(#quotegradient)" d="M34.6,0c1.5,0,2.3,0.7,2.3,2.2C36.9,3,36.6,3.6,36,4c-4.4,3.3-6.8,7.2-7,11.6c2.6,0.2,4.5,1,5.9,2.6 c1.4,1.5,2,3.3,2,5.5c0,2.1-0.8,4-2.3,5.6c-1.5,1.5-3.4,2.3-5.6,2.3c-2.2,0-4.1-0.9-5.8-2.7c-1.6-1.8-2.4-4.6-2.4-8.3 c0-3.8,1.3-7.6,3.8-11.5s5.3-6.7,8.2-8.4C33.5,0.2,34,0,34.6,0z M13.8,0c1.5,0,2.3,0.7,2.3,2.2c0,0.8-0.3,1.4-0.9,1.8 c-4.4,3.3-6.8,7.2-7,11.6c2.6,0.2,4.5,1,5.9,2.6c1.4,1.5,2,3.3,2,5.5c0,2.1-0.8,4-2.3,5.6c-1.5,1.5-3.4,2.3-5.6,2.3 c-2.2,0-4.1-0.9-5.8-2.7C0.8,27.1,0,24.4,0,20.6C0,16.9,1.3,13,3.8,9.1S9.1,2.4,12,0.6C12.7,0.2,13.3,0,13.8,0z"/> </symbol> <symbol id="fa-plus-gradient" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M256 80V48H192V80 224H48 16v64H48 192V432v32h64V432 288H400h32V224H400 256V80z"/> </symbol> <symbol id="tag-icon" viewBox="0 0 12 12"> <path fill="var(--fill-color, currentColor)" d="M0,5.9V1.1C0,0.5,0.5,0,1.1,0h4.8c0.3,0,0.6,0.1,0.8,0.3l5,5c0.4,0.4,0.4,1.2,0,1.6l-4.8,4.8 c-0.4,0.4-1.2,0.4-1.6,0l-5-5C0.1,6.5,0,6.2,0,5.9L0,5.9z M2.6,1.5C2,1.5,1.5,2,1.5,2.6c0,0.6,0.5,1.1,1.1,1.1s1.1-0.5,1.1-1.1 C3.8,2,3.2,1.5,2.6,1.5z"/> </symbol> <symbol id="fa-calendar" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M152 24c0-13.3-10.7-24-24-24s-24 10.7-24 24V64H64C28.7 64 0 92.7 0 128v16 48V448c0 35.3 28.7 64 64 64H384c35.3 0 64-28.7 64-64V192 144 128c0-35.3-28.7-64-64-64H344V24c0-13.3-10.7-24-24-24s-24 10.7-24 24V64H152V24zM48 192H400V448c0 8.8-7.2 16-16 16H64c-8.8 0-16-7.2-16-16V192z"/> </symbol> <symbol id="fa-location-dot" viewBox="0 0 384 512"> <path fill="var(--fill-color, currentColor)" d="M192 512s192-208 192-320C384 86 298 0 192 0S0 86 0 192C0 304 192 512 192 512zm0-384a64 64 0 1 1 0 128 64 64 0 1 1 0-128z"/> </symbol> <symbol id="fa-clock" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M464 256A208 208 0 1 1 48 256a208 208 0 1 1 416 0zM0 256a256 256 0 1 0 512 0A256 256 0 1 0 0 256zM232 120V256c0 8 4 15.5 10.7 20l96 64c11 7.4 25.9 4.4 33.3-6.7s4.4-25.9-6.7-33.3L280 243.2V120c0-13.3-10.7-24-24-24s-24 10.7-24 24z"/> </symbol> <symbol id="X" viewBox="0 0 384 512"> <path fill="var(--fill-color, currentColor)" d="M380.2 58.3c5.7-6.7 4.9-16.8-1.9-22.5s-16.8-4.9-22.6 1.9L192 231.2 28.2 37.7c-5.7-6.7-15.8-7.6-22.5-1.9s-7.6 15.8-1.9 22.5L171 256 3.8 453.7c-5.7 6.7-4.9 16.8 1.9 22.6s16.8 4.9 22.5-1.9L192 280.8 355.8 474.3c5.7 6.7 15.8 7.6 22.6 1.9s7.6-15.8 1.9-22.6L213 256 380.2 58.3z"/> </symbol> </svg> <svg style="display:none;height:0;"> <symbol id="site-logo" viewBox="0 0 164 18"> <path fill="#3F4644" d="M0,9L0,9c0-0.9,0.2-1.8,0.5-2.6c0.3-0.8,0.8-1.5,1.4-2.1c0.6-0.6,1.4-1.1,2.2-1.4s1.7-0.5,2.5-0.4 c0.9,0,1.9,0.1,2.7,0.5c0.9,0.3,1.7,0.9,2.3,1.5l-1.4,1.6c-1-0.9-2.1-1.6-3.6-1.6c-2.4,0-4.2,2-4.2,4.5v0c0,2.5,1.8,4.5,4.2,4.5 c1.6,0,2.6-0.6,3.7-1.6l1.5,1.4c-0.7,0.7-1.5,1.3-2.4,1.7c-0.9,0.4-1.9,0.6-2.9,0.5c-0.9,0-1.7-0.1-2.5-0.5 c-0.8-0.3-1.5-0.8-2.1-1.4c-0.6-0.6-1.1-1.3-1.4-2.1C0.1,10.8,0,9.9,0,9z"/> <path fill="#3F4644" d="M54.7,10.3l-2.2-5.1l-2.2,5.1H54.7z M51.5,2.6h2.1l5.7,12.8h-2.4l-1.3-3.1h-6.1l-1.3,3.1h-2.3L51.5,2.6z"/> <path fill="#3F4644" d="M70.6,2.7h2.3v10.6h6.8v2h-9V2.7z"/> <path fill="#3F4644" d="M91.1,2.7h9.6v2h-7.3v3.5h6.5v2h-6.5v5.2h-2.3V2.7z"/> <path fill="#3F4644" d="M114.8,2.7h-2.3v12.7h2.3V2.7z"/> <path fill="#3F4644" d="M132.9,8.9c1.6,0,2.6-0.8,2.6-2.1v0c0-1.4-1-2.1-2.7-2.1h-3.3v4.3H132.9z M127.4,2.7h5.7 c1.6,0,2.9,0.5,3.7,1.3c0.3,0.4,0.6,0.8,0.8,1.3c0.2,0.5,0.3,1,0.3,1.5v0c0,2.1-1.3,3.3-3,3.8l3.5,4.8h-2.7l-3.2-4.4h-2.8v4.4 h-2.3V2.7z"/> <path fill="#3F4644" d="M31.8,0l-6.5,3.7v7.4l6.5,3.7l6.5-3.7V3.7L31.8,0z M27.4,10v-5l4.4-2.5l4.4,2.5v5l-4.4,2.5L27.4,10z"/> <path fill="#D5541C" d="M19.8,6.8v7.4l6.5,3.7l6.5-3.7V6.8l-6.5-3.7L19.8,6.8z M21.9,13.1V8l4.4-2.5L30.8,8v5l-4.4,2.5L21.9,13.1z"/> <path fill="#3F4644" d="M149.8,2.7h9.5v2h-7.3V8h6.4v2h-6.4v3.4h7.4v2h-9.6V2.7z"/> <path fill="#3F4644" d="M162.3,13.9h-0.3v0.4h0.3c0.2,0,0.3-0.1,0.3-0.2C162.5,13.9,162.4,13.9,162.3,13.9z M162.5,14.5l0.4,0.5h-0.3 l-0.3-0.5h-0.3V15h-0.3v-1.4h0.6c0.3,0,0.5,0.2,0.5,0.4c0,0.1,0,0.2-0.1,0.3C162.7,14.4,162.6,14.4,162.5,14.5z M162.2,13.2 c-0.2,0-0.5,0.1-0.6,0.2c-0.2,0.1-0.3,0.3-0.4,0.5c-0.1,0.2-0.1,0.4-0.1,0.7s0.2,0.4,0.3,0.6c0.2,0.2,0.4,0.3,0.6,0.3 c0.2,0,0.5,0,0.7-0.1c0.2-0.1,0.4-0.2,0.5-0.4c0.1-0.2,0.2-0.4,0.2-0.6c0-0.2,0-0.3-0.1-0.4c-0.1-0.1-0.1-0.3-0.3-0.4 c-0.1-0.1-0.2-0.2-0.4-0.3C162.5,13.2,162.4,13.2,162.2,13.2z M162.2,15.6c-0.3,0-0.5-0.1-0.7-0.2c-0.2-0.1-0.4-0.3-0.5-0.6 c-0.1-0.2-0.1-0.5-0.1-0.7c0.1-0.2,0.2-0.5,0.4-0.7c0.2-0.2,0.4-0.3,0.7-0.3c0.2,0,0.5,0,0.7,0.1c0.2,0.1,0.4,0.3,0.6,0.5 c0.1,0.2,0.2,0.5,0.2,0.7c0,0.2,0,0.3-0.1,0.5c-0.1,0.2-0.2,0.3-0.3,0.4c-0.1,0.1-0.3,0.2-0.4,0.3 C162.5,15.6,162.4,15.6,162.2,15.6z"/> </symbol> <symbol id="site-logo-light" viewBox="0 0 164 18"> <path fill="#ffffff" d="M0,9L0,9c0-0.9,0.2-1.8,0.5-2.6c0.3-0.8,0.8-1.5,1.4-2.1c0.6-0.6,1.4-1.1,2.2-1.4s1.7-0.5,2.5-0.4 c0.9,0,1.9,0.1,2.7,0.5c0.9,0.3,1.7,0.9,2.3,1.5l-1.4,1.6c-1-0.9-2.1-1.6-3.6-1.6c-2.4,0-4.2,2-4.2,4.5v0c0,2.5,1.8,4.5,4.2,4.5 c1.6,0,2.6-0.6,3.7-1.6l1.5,1.4c-0.7,0.7-1.5,1.3-2.4,1.7c-0.9,0.4-1.9,0.6-2.9,0.5c-0.9,0-1.7-0.1-2.5-0.5 c-0.8-0.3-1.5-0.8-2.1-1.4c-0.6-0.6-1.1-1.3-1.4-2.1C0.1,10.8,0,9.9,0,9z"/> <path fill="#ffffff" d="M54.7,10.3l-2.2-5.1l-2.2,5.1H54.7z M51.5,2.6h2.1l5.7,12.8h-2.4l-1.3-3.1h-6.1l-1.3,3.1h-2.3L51.5,2.6z"/> <path fill="#ffffff" d="M70.6,2.7h2.3v10.6h6.8v2h-9V2.7z"/> <path fill="#ffffff" d="M91.1,2.7h9.6v2h-7.3v3.5h6.5v2h-6.5v5.2h-2.3V2.7z"/> <path fill="#ffffff" d="M114.8,2.7h-2.3v12.7h2.3V2.7z"/> <path fill="#ffffff" d="M132.9,8.9c1.6,0,2.6-0.8,2.6-2.1v0c0-1.4-1-2.1-2.7-2.1h-3.3v4.3H132.9z M127.4,2.7h5.7 c1.6,0,2.9,0.5,3.7,1.3c0.3,0.4,0.6,0.8,0.8,1.3c0.2,0.5,0.3,1,0.3,1.5v0c0,2.1-1.3,3.3-3,3.8l3.5,4.8h-2.7l-3.2-4.4h-2.8v4.4 h-2.3V2.7z"/> <path fill="#ffffff" d="M31.8,0l-6.5,3.7v7.4l6.5,3.7l6.5-3.7V3.7L31.8,0z M27.4,10v-5l4.4-2.5l4.4,2.5v5l-4.4,2.5L27.4,10z"/> <path fill="#D5541C" d="M19.8,6.8v7.4l6.5,3.7l6.5-3.7V6.8l-6.5-3.7L19.8,6.8z M21.9,13.1V8l4.4-2.5L30.8,8v5l-4.4,2.5L21.9,13.1z"/> <path fill="#ffffff" d="M149.8,2.7h9.5v2h-7.3V8h6.4v2h-6.4v3.4h7.4v2h-9.6V2.7z"/> <path fill="#ffffff" d="M162.3,13.9h-0.3v0.4h0.3c0.2,0,0.3-0.1,0.3-0.2C162.5,13.9,162.4,13.9,162.3,13.9z M162.5,14.5l0.4,0.5h-0.3 l-0.3-0.5h-0.3V15h-0.3v-1.4h0.6c0.3,0,0.5,0.2,0.5,0.4c0,0.1,0,0.2-0.1,0.3C162.7,14.4,162.6,14.4,162.5,14.5z M162.2,13.2 c-0.2,0-0.5,0.1-0.6,0.2c-0.2,0.1-0.3,0.3-0.4,0.5c-0.1,0.2-0.1,0.4-0.1,0.7s0.2,0.4,0.3,0.6c0.2,0.2,0.4,0.3,0.6,0.3 c0.2,0,0.5,0,0.7-0.1c0.2-0.1,0.4-0.2,0.5-0.4c0.1-0.2,0.2-0.4,0.2-0.6c0-0.2,0-0.3-0.1-0.4c-0.1-0.1-0.1-0.3-0.3-0.4 c-0.1-0.1-0.2-0.2-0.4-0.3C162.5,13.2,162.4,13.2,162.2,13.2z M162.2,15.6c-0.3,0-0.5-0.1-0.7-0.2c-0.2-0.1-0.4-0.3-0.5-0.6 c-0.1-0.2-0.1-0.5-0.1-0.7c0.1-0.2,0.2-0.5,0.4-0.7c0.2-0.2,0.4-0.3,0.7-0.3c0.2,0,0.5,0,0.7,0.1c0.2,0.1,0.4,0.3,0.6,0.5 c0.1,0.2,0.2,0.5,0.2,0.7c0,0.2,0,0.3-0.1,0.5c-0.1,0.2-0.2,0.3-0.3,0.4c-0.1,0.1-0.3,0.2-0.4,0.3 C162.5,15.6,162.4,15.6,162.2,15.6z"/> </symbol> </svg> <a href="#site-main" class="skip-link"> Skip to main content </a> <header class="siteHeader"> <div class="siteHeader__wrapper"> <a href="/" class="siteHeader__home"> <svg class="siteHeader__logo"> <use href="#site-logo" /> </svg> <span class="sr-only">Homepage</span> </a> <nav class="siteHeader__mobileNavigation mobileNavigation"> <button type="button" class="mobileNavigation__menuButton hamburger hamburger--collapse" aria-expanded="false" aria-controls="mobile-menu" data-menu-button="mobile-menu" data-open-with-transition="true" data-active-class="is-active" id="mobile-menu-button" > <span class="hamburger-box"> <span class="hamburger-inner"></span> </span> <span class="sr-only"> Mobile Menu </span> </button> <ul class="mobileNavigation__list" data-arrow-navigation data-menu="mobile-menu" aria-hidden="true" aria-labelledby="mobile-menu-button" data-active-class="mobileNavigation__list--active" id="mobile-menu" inert > <li class="mobileNavigation__item"> <form action="/search" method="GET" class="mobileNavigation__search search"> <svg class="search__icon"> <use href="#fa-magnifying-glass" /> </svg> <label for="search" class="sr-only">Search Coalfire.com</label> <input type="search" name="q" id="search" placeholder="Search Coalfire.com" class="mobileNavigation__searchInput search__input" data-search-input /> <button type="submit" class="mobileNavigation__inputButton button search__inputButton"> <svg class="search__inputButtonIcon"> <use href="#fa-arrow-right-long" /> </svg> </button> </form> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-1" data-menu-button="submenu-1" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > Services <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-1" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-1" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-1"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> Services </span> </h2> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/services/advisory" target=""> <h3 class="mobileNavigation__columnTitle"> Advisory </h3> Advisory services for FedRAMP, global compliance, cloud engineering, &amp; healthcare risk <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/services/assessment" target=""> <h3 class="mobileNavigation__columnTitle"> Assessment </h3> Compliance automation platform and audit services that simplify managing multiple compliance frameworks <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/services/security" target=""> <h3 class="mobileNavigation__columnTitle"> Security </h3> Threat-focused cybersecurity services with hacker and defender expertise <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfirefederal.com" target=""> <h3 class="mobileNavigation__columnTitle"> Federal </h3> CMMC advisory and assessment services from an experienced C3PAO <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-2" data-menu-button="submenu-2" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > Industries <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-2" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-2" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-2"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> Industries </span> </h2> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/financial-services" target=""> <h3 class="mobileNavigation__columnTitle"> Financial Services </h3> FinTech, payment processors, and banks decrease vulnerabilities using our services and to monitor 24/7 <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/healthcare-life-sciences" target=""> <h3 class="mobileNavigation__columnTitle"> Healthcare &amp; Life Sciences </h3> To remain HIPAA compliant, our cybersecurity services help you protect customer data 24/7 <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/retail" target=""> <h3 class="mobileNavigation__columnTitle"> Retail </h3> Retailers use our compliance services to improve security, assess cardholder data, and leverage a risk-based strategy approach to protect their customers <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/tech-software" target=""> <h3 class="mobileNavigation__columnTitle"> Tech &amp; Software </h3> Leading SaaS and IaaS companies achieve FedRAMP and implement GRC in less time <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-3" data-menu-button="submenu-3" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > Resources <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-3" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-3" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-3"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> Resources </span> </h2> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/insights/resources" target=""> <h3 class="mobileNavigation__columnTitle"> Resources </h3> View all resources <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <span class="mobileNavigation__columnType"> By Topic </span> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=application-security" target="" class="mobileNavigation__link"> Application security </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=cloud" target="" class="mobileNavigation__link"> Cloud </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=cmmc" target="" class="mobileNavigation__link"> CMMC </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=compliance" target="" class="mobileNavigation__link"> Compliance </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=compliance-essentials" target="" class="mobileNavigation__link"> Compliance Essentials </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=corporate" target="" class="mobileNavigation__link"> Corporate </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=strategy-privacy-and-risk" target="" class="mobileNavigation__link"> Cyber Risk </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=offensive-security" target="" class="mobileNavigation__link"> Cybersecurity </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=fedramp" target="" class="mobileNavigation__link"> FedRAMP® </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=hexeon" target="" class="mobileNavigation__link"> Hexeon® </a> </li> </ul> </div> <div class="mobileNavigation__columnWrapper"> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <span class="mobileNavigation__columnType"> By Type </span> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=case-studies" target="" class="mobileNavigation__link"> Case Studies </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=data-sheet" target="" class="mobileNavigation__link"> Data Sheets </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=reports" target="" class="mobileNavigation__link"> Reports </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=video" target="" class="mobileNavigation__link"> Video </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=webinars" target="" class="mobileNavigation__link"> Webinars </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=white-papers" target="" class="mobileNavigation__link"> White Papers </a> </li> </ul> </div> </div> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-4" data-menu-button="submenu-4" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > About <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-4" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-4" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-4"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> About </span> </h2> <div class="mobileNavigation__columnWrapper"> <h3 class="mobileNavigation__columnTitle"> Company </h3> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/our-story" target="" class="mobileNavigation__link"> The Coalfire Story </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/leadership" target="" class="mobileNavigation__link"> Leadership </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/diversity-and-inclusion" target="" class="mobileNavigation__link"> Diversity &amp; Inclusion </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/research-and-development" target="" class="mobileNavigation__link"> Research &amp; Development </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources/coalfire-academy-education/ai-risk-1" target="" class="mobileNavigation__link"> Education: Coalfire Academy </a> </li> </ul> </div> <div class="mobileNavigation__columnWrapper"> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/richard-dakin-fund" target="" class="mobileNavigation__link"> Richard E. Dakin Fund </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/partners" target="" class="mobileNavigation__link"> Partners </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/contact-us" target="" class="mobileNavigation__link"> Contact Us </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/careers" target="" class="mobileNavigation__link"> Careers </a> </li> </ul> </div> <div class="mobileNavigation__columnWrapper"> <h3 class="mobileNavigation__columnTitle"> News &amp; Events </h3> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/news-and-events/press-releases" target="" class="mobileNavigation__link"> Press Releases </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/news-and-events/in-the-news" target="" class="mobileNavigation__link"> In the News </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/the-coalfire-blog" target="" class="mobileNavigation__link"> Coalfire® Articles </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/news-and-events/events" target="" class="mobileNavigation__link"> Events </a> </li> </ul> </div> </div> </li> </ul> </nav> <nav class="siteHeader__navigation navigation"> <ul class="navigation__list" data-arrow-navigation> <h2 class="navigation__heading sr-only"> Menu </h2> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-one" data-menu-button="menu-one" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-one-button" > Services <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-one" aria-hidden="true" aria-labelledby="menu-one-button" data-active-class="navigation__megaMenu--active" id="menu-one" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/services/advisory" target=""> <h3 class="megaMenu__columnTitle"> Advisory </h3> Advisory services for FedRAMP, global compliance, cloud engineering, &amp; healthcare risk <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/services/assessment" target=""> <h3 class="megaMenu__columnTitle"> Assessment </h3> Compliance automation platform and audit services that simplify managing multiple compliance frameworks <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/services/security" target=""> <h3 class="megaMenu__columnTitle"> Security </h3> Threat-focused cybersecurity services with hacker and defender expertise <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfirefederal.com" target=""> <h3 class="megaMenu__columnTitle"> Federal </h3> CMMC advisory and assessment services from an experienced C3PAO <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </div> </div> </li> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-two" data-menu-button="menu-two" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-two-button" > Industries <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-two" aria-hidden="true" aria-labelledby="menu-two-button" data-active-class="navigation__megaMenu--active" id="menu-two" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/financial-services" target=""> <h3 class="megaMenu__columnTitle"> Financial Services </h3> FinTech, payment processors, and banks decrease vulnerabilities using our services and to monitor 24/7 <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/healthcare-life-sciences" target=""> <h3 class="megaMenu__columnTitle"> Healthcare &amp; Life Sciences </h3> To remain HIPAA compliant, our cybersecurity services help you protect customer data 24/7 <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/retail" target=""> <h3 class="megaMenu__columnTitle"> Retail </h3> Retailers use our compliance services to improve security, assess cardholder data, and leverage a risk-based strategy approach to protect their customers <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/tech-software" target=""> <h3 class="megaMenu__columnTitle"> Tech &amp; Software </h3> Leading SaaS and IaaS companies achieve FedRAMP and implement GRC in less time <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </div> </div> </li> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-three" data-menu-button="menu-three" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-three-button" > Resources <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-three" aria-hidden="true" aria-labelledby="menu-three-button" data-active-class="navigation__megaMenu--active" id="menu-three" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/insights/resources" target=""> <h3 class="megaMenu__columnTitle"> Resources </h3> View all resources <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column megaMenu__column--divider"> <ul class="megaMenu__columnList"> <li class="megaMenu__listItem"> <span class="megaMenu__columnType"> By Topic </span> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=application-security" target="" class="megaMenu__link"> Application security </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=cloud" target="" class="megaMenu__link"> Cloud </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=cmmc" target="" class="megaMenu__link"> CMMC </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=compliance" target="" class="megaMenu__link"> Compliance </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=compliance-essentials" target="" class="megaMenu__link"> Compliance Essentials </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=corporate" target="" class="megaMenu__link"> Corporate </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=strategy-privacy-and-risk" target="" class="megaMenu__link"> Cyber Risk </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=offensive-security" target="" class="megaMenu__link"> Cybersecurity </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=fedramp" target="" class="megaMenu__link"> FedRAMP® </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=hexeon" target="" class="megaMenu__link"> Hexeon® </a> </li> </ul> </div> <div class="megaMenu__column "> <ul class="megaMenu__columnList"> <li class="megaMenu__listItem"> <span class="megaMenu__columnType"> By Type </span> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=case-studies" target="" class="megaMenu__link"> Case Studies </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=data-sheet" target="" class="megaMenu__link"> Data Sheets </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=reports" target="" class="megaMenu__link"> Reports </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=video" target="" class="megaMenu__link"> Video </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=webinars" target="" class="megaMenu__link"> Webinars </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=white-papers" target="" class="megaMenu__link"> White Papers </a> </li> </ul> </div> </div> </div> </div> </li> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-four" data-menu-button="menu-four" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-four-button" > About <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-four" aria-hidden="true" aria-labelledby="menu-four-button" data-active-class="navigation__megaMenu--active" id="menu-four" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <h3 class="megaMenu__columnTitle"> Company </h3> <ul class="megaMenu__columnList megaMenu__columnList--titleGap"> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/our-story" target="" class="megaMenu__link"> The Coalfire Story </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/leadership" target="" class="megaMenu__link"> Leadership </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/diversity-and-inclusion" target="" class="megaMenu__link"> Diversity &amp; Inclusion </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/research-and-development" target="" class="megaMenu__link"> Research &amp; Development </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources/coalfire-academy-education/ai-risk-1" target="" class="megaMenu__link"> Education: Coalfire Academy </a> </li> </ul> </div> <div class="megaMenu__column "> <ul class="megaMenu__columnList megaMenu__columnList--titleGap"> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/richard-dakin-fund" target="" class="megaMenu__link"> Richard E. Dakin Fund </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/partners" target="" class="megaMenu__link"> Partners </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/contact-us" target="" class="megaMenu__link"> Contact Us </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/careers" target="" class="megaMenu__link"> Careers </a> </li> </ul> </div> <div class="megaMenu__column megaMenu__column--divider"> <h3 class="megaMenu__columnTitle"> News &amp; Events </h3> <ul class="megaMenu__columnList megaMenu__columnList--titleGap"> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/news-and-events/press-releases" target="" class="megaMenu__link"> Press Releases </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/news-and-events/in-the-news" target="" class="megaMenu__link"> In the News </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/the-coalfire-blog" target="" class="megaMenu__link"> Coalfire® Articles </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/news-and-events/events" target="" class="megaMenu__link"> Events </a> </li> </ul> </div> </div> </div> </div> </li> </ul> </nav> <nav class="siteHeader__secondaryNav navigation"> <ul class="navigation__list" data-arrow-navigation> <h2 class="navigation__heading sr-only"> Menu </h2> <li class="navigation__item -modal" data-modal> <button class="navigation__trigger" data-modal-button> <svg class="navigation__searchIcon"> <use href="#fa-magnifying-glass" /> </svg> <span class="navigation__searchText">Search</span> </button> <dialog data-dialog class="navigation__dialog dialog"> <div class="navigation__dialogWrapper"> <form action="/search" method="GET" class="navigation__form search"> <svg class="search__icon"> <use href="#fa-magnifying-glass" /> </svg> <label for="search" class="sr-only">Search Coalfire.com</label> <input type="search" name="q" id="search" placeholder="Search Coalfire.com" class="navigation__formInput search__input" data-search-input /> <button type="submit" class="navigation__formButton button search__inputButton"> <svg class="search__inputButtonIcon"> <use href="#fa-arrow-right-long" /> </svg> </button> </form> <button class="navigation__dialogClose" data-modal-close> <span class="sr-only">Close Dialog</span> X </button> </div> </dialog> </li> <li class="navigation__item"> <a class="navigation__trigger" href="https://account.coalfire.com/dashboard" target="_blank"> Customer Login </a> </li> <li class="navigation__item"> <a href="https://coalfire.com/about/contact-us" target="" class="navigation__button button"> Contact Us <span class="button__icon"> <svg><use href="#fa-arrow-right-long" /></svg> </span> </a> </li> </ul> </nav> </div> </header> <main role="main" id="site-main"> <section class="heroWithImage heroWithImage--light"> <div class="heroWithImage__container"> <div class="heroWithImage__content"> <p class="heroWithImage__type"> Cybersecurity </p> <h1 class="heroWithImage__title"> Fuzzing: Common Tools and Techniques </h1> <div class="heroWithImage__attribution"> <cite class="heroWithImage__authorWrapper"> <p class="heroWithImage__authorName"> Coalfire Cybersecurity Team </p> </cite> </div> <div class="heroWithImage__date"> June 4, 2019 </div> </div> </div> </section> <section class="blogPostLayout"> <div class="blogPostLayout__container"> <div class="blogPostLayout__mainContent"> <div class="blogPostLayout__contentBody"> <section class="section section--light -richTextClassic -" ><div class="section__container"><div class="section__introduction"><p><strong>This content is provided "as is" and is more than a year old. No representations are made that the content is up-to date or error-free. </strong></p></div><div class="section__content section__grid"><div class="section__item -text"><h2>What Is Fuzzing?</h2><p>Fuzzing is a software testing methodology that can be used from either a black or white box perspective and predominantly consists of providing deliberately malformed inputs to an application to identify errors such as unhandled exceptions, memory spikes, thread hangs, read access violations or buffer overruns that could lead to further compromise of a system.</p><p>Fuzzing relies on the assumptions that all software has bugs just waiting to be found. Hence, given enough time, a methodical approach should find these previously unknown bugs. Fuzzing can provide an additional avenue for bug identification alongside common testing techniques due to its mechanical approach and the limited amount of effort needed to carry it out.</p><h2>Fuzzing Terminology</h2><p>Before we get started, below are some common terms we will be using throughout this article:</p><h3>What is Dumb Fuzzing?</h3><p>Input of malformed data with zero knowledge of the underlying data structure.</p><h3>What is Smart Fuzzing?</h3><p>Input of malformed data with knowledge of the underlying data structure.</p><h3>What is Black Box Fuzzing?</h3><p>Input of malformed data without monitoring which code paths the data is passed through.</p><h3>What is White Box Fuzzing?</h3><p>Input of malformed packets with full knowledge of which code paths are hit.</p><h3>What is Generation?</h3><p>The creation of completely random data for inputting into the fuzz target.</p><h3>What is Mutation?</h3><p>Corruption of valid data according to a pattern.</p><h3>What is Mutation Template?</h3><p>Template used to define the pattern for corrupting valid data.</p><h3>What is Code Coverage?</h3><p>Represents the amount of code paths covered during testing.</p><h2>Which Targets Are Suitable for Fuzzing?</h2><p>Fuzzing has historically been used against software developed in either C or C++, which leave memory management to the programmer. However, it can be useful for any software that processes input received across a trust boundary. Some common trust boundaries include:</p><ul><li>Files received from an untrusted source</li><li>XML blobs</li><li>User-supplied input</li><li>Network sockets</li><li>Shared memory</li><li>Pipes</li><li>RPC interfaces</li><li>Driver IOCTLs</li><li>ActiveX objects</li></ul><h2>The Advantages and Disadvantages of Fuzzing?</h2><p>Fuzzing is a testing technique like any other; it is not perfect and should be used as part of a robust testing strategy. As such, a list of some of the advantages and disadvantages of fuzzing are listed here:</p><h3>Advantages of fuzzing:</h3><ul><li>Very simple to design</li><li>Can find problems not easily visible through other testing techniques</li><li>Usually very inexpensive to implement</li></ul><h3>Disadvantages of fuzzing:</h3><ul><li>Often takes an extremely long time to run</li><li>Crashes can often be difficult to analyze, especially when using black box fuzzing</li><li>Mutation templates for applications with complex inputs can often be time consuming to produce</li></ul><h2>The Process of Fuzzing</h2><p>Once you have selected your fuzzing target, you will then have to decide how you would like to generate your data to use. You can either generate a selection of random data (dumb fuzzing) for use against the target or you can use a mutation of a set of valid inputs (smart fuzzing).</p><p>Should you decide to utilize smart fuzzing, the next step will be to create a set of inputs to be used against the target. This can be broken down into two phases:</p><ul><li>Generation of a valid mutation template</li><li>Mutation of the template to produce fuzzed data</li></ul><p>The valid inputs can be gained through a number of methods, such as monitoring the software during normal usage or through reviewing the source code of the software.</p><h2>Generation or Mutation</h2><p>For complex inputs, full code coverage is almost impossible in any sort of sensible time frame using only random input generation. This is due to the fact that it takes the fuzzer excessive time to generate inputs that are both sufficiently complex to avoid being caught by the target’s input filtering while still exposing potential security vulnerabilities.</p><p>However, should the target software be simple enough that fuzzing with randomly generated data is achievable in the allotted time frame, then this is the simpler method requiring less time to implement.</p><p>Should your target require complex input, a far more efficient method for creating well-formed fuzzing data is to use known good data and a mutation template.</p><p>Imagine we had a web server that required four special HTTP headers (in this case, we will call them header1, header2, etc.), and if we were to omit header3 but include all the others, the program would crash.</p><p>To find such a flaw, an HTTP request that contains all three headers – header1, header2, and header4, and without header3 – should be attempted.</p><p>If our fuzzing engine is able to add or delete random headers from the request, it will take a long time (if it is at all possible) to generate an HTTP request that has exactly those four headers present. However, if we provide a template buffer with all possible HTTP headers present, the fuzzer will very quickly create the bogus request with all the headers, but without header3 present.</p><h2>Types of Fuzzer</h2><p>Fuzzers generally fall into one of the following categories: generation, mutation, or evolution, based on how they create the data with which to fuzz the target piece of software. In the following section we will briefly go over each of these categories.</p><h3>Generation</h3><p>Generation fuzzers can be anything from completely random data to slightly designed data. Imagine fuzzing an HTTP server (such as described above) but completely fuzzing the whole packet. Most of what would be fuzzed would be the TCP/IP data, and the packet would never reach its destination.</p><p>Generation fuzzers usually take a valid input, break it into pieces, and then fuzz each of the selected pieces randomly. The idea is to keep the overall structure of the data but to fuzz selected parts of it.</p><h3>Mutation</h3><p>Mutation-based fuzzers take a set of valid inputs and perform mutations on them in order to elicit errors from the software missed in other types of testing. Techniques such as least significant bit flipping fall into mutation fuzzing. Another example includes when fuzzing an HTTP request – if directed to do so, a mutation fuzzer could append random values to each of the HTTP header values in search of a vulnerability. For many targets, this can be a surprisingly effective strategy due to the fact that inputs are often similar enough to the original valid inputs to achieve a good amount of code coverage. </p><p>A mutation-based fuzzer can be further improved by using templates to ensure the structure of the data supplied to the target meets the format of the target’s expectations. Things like ensuring file inputs are in the correct format or that HTTP requests contain the correct headers could be added to the parsing of inputs from the mutation fuzzer to reduce time spent fuzzing.</p><p>As previously stated, a mutation-based fuzzer leverages a selection of known good inputs to generate a set of modified inputs to be used when fuzzing. For example, when fuzzing an mp3 processing library, the user would provide a selection of valid mp3 files, and then the fuzzer would modify these files to produce semi-valid variants of each file.</p><h3>Evolution</h3><p>Evolutionary fuzzing is based on the use of genetic programming, which aims to converge toward the discovery of vulnerabilities. Genetic algorithms are used to create continuous sets of test cases. Test case generation is based on both the fuzzing framework designed by the user and the responses received from the fuzzing target. The first set of test cases will be generated in a similar way to a generational fuzzer (described previously), and all further test cases will be generated through the steps described below:</p><ol><li><strong>Score:</strong> Each member of the current set of test cases is given a score, which is a combination of multiple metrics defined by the user and monitored through the fuzzing test</li><li><strong>Removal of weak cases:</strong> Lowest scoring test cases are discarded</li><li><strong>Mutation:</strong> Minor changes are applied to each remaining test case, similar to those described in the mutation fuzzing section</li><li><strong>Combination:</strong> Involves combining test cases with high scores to generate test cases that find other optimums. This process is also used to replenish the test cases that were discarded in step 2</li></ol><h2>Fuzzing Engine</h2><p>There are many prebuilt fuzzing packages available that can be leveraged against a target, some of which are quite simple and require minimal setup time, while others offer a range of features and require quite complex setup. It is also possible to design a custom fuzzing engine for a specific project.</p><p>A good fuzzing engine should implement the following features:</p><ul><li>Parse the mutation template and input data, then assemble it into a data structure</li><li>Randomly select one of the attributes and modify it in line with the mutation template specification</li><li>Submit the fuzzed input back to the target</li></ul><p>It is possible to use some of the below features to assist with finding bugs while fuzzing.</p><h2>Using Heap Canaries to Assist with Memory Corruption</h2><p>Often, fuzzing will cause slight memory error. For example, an IndexOutOfBounds exception that for the most part will not cause an application to crash can in some cases lead to things like remote code execution.</p><p>On the Windows operating system, it is possible to use features such as heap canaries or similar utilities to assist with detecting memory corruption.</p><h2>Generating Test Cases</h2><p>When generating test cases, something will need to be transformed in one form or another regardless of whether the fuzzing is generation, mutation, or evolution based. It is worth noting that edge cases are often where interesting things happen, and as such, it is advised to consider including:</p><ul><li>Exceedingly long strings</li><li>String format characters</li><li>Negative values</li><li>Null characters</li><li>New lines</li><li>EOL characters</li><li>Maximum and minimum integer values</li></ul><h2>Reproducing a Crash</h2><p>When carrying out fuzzing, the demanding nature of the task can itself cause errors in a target. As such, all bugs should be reproduced for verification purposes. It is advisable to attach a debugger to the process or set up a Just-In-Time (JIT) debugger so that a dump of the crash can be analyzed and allow identification of how the target failed and what caused the failure.</p><p>A second method that will work reliably for crashes that are caused by fuzzing a single request at a time is to log either the manipulated data in a database or similar product so that it can be referred to at a later date.</p><h2>Common Fuzzers</h2><ul><li><a href="http://lcamtuf.coredump.cx/afl/">American Fuzzy Lop</a></li><li><a href="https://github.com/aoh/radamsa">Radamsa</a></li><li><a href="http://peachfuzzer.com/">Peach Fuzzer</a></li><li><a href="https://github.com/jtpereyda/boofuzz">BooFuzz</a></li><li><a href="https://github.com/RootUp/BFuzz">BFuzz</a></li></ul><h2>Conclusion</h2><p>While finding bugs in a timely manner can require a large time investment to correctly set up a suitable fuzzing framework for the task, integrating fuzzing into the software testing suite can help avoid costly vulnerabilities being discovered by malicious actors in the future. Fuzzing is a useful software testing technique that can be leveraged with (depending on framework complexity) little time invested, across multiple types of software, and can be very effective at finding vulnerabilities missed by techniques like code reviews.</p></div></div></div></section> </div> </div> <aside class="blogPostLayout__articleAside articleAside"> <div class="articleAside__group"> <h3 class="articleAside__title"> Related Articles </h3> <ul class="articleAside__articleList"> <li class="articleAside__articleListItem"> <article class="articleAside__article"> <a href="https://coalfire.com/the-coalfire-blog/crypto-vulnerability-management" class="articleAside__articleLink"> Crypto Vulnerability Management </a> </article> </li> <li class="articleAside__articleListItem"> <article class="articleAside__article"> <a href="https://coalfire.com/the-coalfire-blog/getting-started-with-zap-and-the-owasp-top-10" class="articleAside__articleLink"> Getting Started with ZAP and the OWASP: Common Questions </a> </article> </li> </ul> </div> <div class="articleAside__group"> <h3 class="articleAside__title"> Related Resources </h3> <ul class="articleAside__articleList"> <li class="articleAside__articleListItem"> <article class="articleAside__article"> <a href="" target="_blank" class="articleAside__articleLink"> Managed services for attack surface management </a> </article> </li> <li class="articleAside__articleListItem"> <article class="articleAside__article"> <a href="https://coalfire.com/insights/resources/reports/penetration-risk-report" class="articleAside__articleLink"> Penetration Risk Report </a> </article> </li> <li class="articleAside__articleListItem"> <article class="articleAside__article"> <a href="https://coalfire.com/insights/resources/reports/smartest-path-to-your-secure-cloud" class="articleAside__articleLink"> Smartest Path to your Secure Cloud </a> </article> </li> </ul> </div> <div class="articleAside__group"> <h3 class="articleAside__title"> Related Solutions </h3> <ul class="articleAside__solutionsList"> <li class="articleAside__solutionsListItem"> <a href="https://coalfire.com/the-coalfire-blog?category=offensive-security" class="articleAside__solutionLink"> Cybersecurity </a> </li> </ul> </div> <div class="articleAside__group"> <h3 class="articleAside__title"> Share this story </h3> <ul class="socialShare"> <li class="socialShare__listItem"> <a class="socialShare__link" href="javascript:void();" title="Facebook" onclick="window.open(this.dataset.url, &quot;ss_share_dialog&quot;, &quot;width=626,height=436&quot;);" data-url="https://www.facebook.com/sharer/sharer.php?u=https%3A//coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques"><svg class="socialShare__icon"> <use href="#fa-square-facebook" /> </svg> <span class="sr-only">Facebook</span></a> </li> <li class="socialShare__listItem"> <a class="socialShare__link" href="javascript:void();" title="Twitter" onclick="window.open(this.dataset.url, &quot;ss_share_dialog&quot;, &quot;width=626,height=436&quot;);" data-url="https://twitter.com/intent/tweet?url=https%3A//coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques"><svg class="socialShare__icon"> <use href="#fa-x-twitter" /> </svg> <span class="sr-only">X / Twitter</span></a> </li> <li class="socialShare__listItem"> <a class="socialShare__link" href="javascript:void();" title="Instagram" onclick="window.open(this.dataset.url, &quot;ss_share_dialog&quot;, &quot;width=626,height=436&quot;);"><svg class="socialShare__icon"> <use href="#fa-instagram" /> </svg> <span class="sr-only">Instagram</span></a> </li> <li class="socialShare__listItem"> <a class="socialShare__link" href="javascript:void();" title="LinkedIn" onclick="window.open(this.dataset.url, &quot;ss_share_dialog&quot;, &quot;width=626,height=436&quot;);" data-url="https://www.linkedin.com/shareArticle?url=https%3A//coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques&amp;mini=1"><svg class="socialShare__icon"> <use href="#fa-linkedin-in" /> </svg> <span class="sr-only">LinkedIn</span></a> </li> </ul> </div> </aside> </div> </section> </main> <footer class="siteFooter"> <div class="siteFooter__main"> <div class="siteFooter__container"> <a href="/" class="siteFooter__home"> <svg class="siteFooter__logo"> <use href="#site-logo-light" /> </svg> <span class="sr-only">Homepage</span> </a> <nav class="siteFooter__nav"> <ul class="siteFooter__navList"> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/privacy" target="" class="siteFooter__navLink"> Privacy Policy </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/cookies" target="" class="siteFooter__navLink"> Cookie Policy </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/agreements/accessibility-statement" target="" class="siteFooter__navLink"> Accessibility </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/legal" target="" class="siteFooter__navLink"> Legal </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/coalfire-website-terms-of-use" target="" class="siteFooter__navLink"> Terms of Use </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/about/contact-us" target="" class="siteFooter__navLink"> Contact </a> </li> </ul> </nav> </div> </div> <div class="siteFooter__secondary"> <div class="siteFooter__container"> <p class="siteFooter__legalText"> Copyright © 2025 Coalfire Systems, Inc. All rights reserved. Coalfire, the Coalfire Logo, CoalfireOne, the Coalfire|Talks Logo, the Hexagon Logo, Hexeon, Neuralys, RAMP/pak, RAMP/pak+, RAMPcon, the RAMPcon Logo, and ThreadFix are trademarks or registered trademarks of Coalfire Systems, Inc. or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners. </p> <nav class="siteFooter__socialNav"> <ul class="siteFooter__socialNavList"> <li class="siteFooter__socialListItem"> <a href="https://www.facebook.com/coalfiresys/" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-square-facebook" /> </svg> <span class="sr-only">Facebook</span> </a> </li> <li class="siteFooter__socialListItem"> <a href="https://twitter.com/coalfire" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-x-twitter" /> </svg> <span class="sr-only">X Twitter</span> </a> </li> <li class="siteFooter__socialListItem"> <a href="https://www.linkedin.com/company/coalfire-systems-inc-/" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-linkedin-in" /> </svg> <span class="sr-only">Linkedin</span> </a> </li> <li class="siteFooter__socialListItem"> <a href="https://www.youtube.com/channel/UC94x12L8MJJP70afk6FRrOg" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-youtube" /> </svg> <span class="sr-only">YouTube</span> </a> </li> </ul> </nav> </div> </div> </footer> <script type="application/ld+json">{"@context":"http://schema.org","@graph":[{"@type":"WebPage","author":{"@id":"https://coalfire.com#identity"},"copyrightHolder":{"@id":"https://coalfire.com#identity"},"copyrightYear":"2019","creator":{"@id":"https://coalfire.com#creator"},"dateCreated":"2024-03-22T11:43:49-04:00","dateModified":"2024-08-26T15:57:27-04:00","datePublished":"2019-06-04T07:04:04-04:00","description":"Fuzzing is a software testing methodology that can be used from either a black or white box perspective.","headline":"Fuzzing: Common Tools and Techniques","image":{"@type":"ImageObject","url":"https://assets.coalfire.com/prod/images/transforms/_1200x630_crop_center-center_82_none/default-card.png?mtime=1710449265"},"inLanguage":"en-us","mainEntityOfPage":"https://coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques","name":"Fuzzing: Common Tools and Techniques","publisher":{"@id":"https://coalfire.com#creator"},"url":"https://coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques"},{"@id":"https://coalfire.com#identity","@type":"LocalBusiness","address":{"@type":"PostalAddress","addressCountry":"US","addressLocality":"Greenwood Village","addressRegion":"CO","postalCode":"80111","streetAddress":"8480 E Orchard Rd., Suite 5800"},"geo":{"@type":"GeoCoordinates","latitude":"39.607910","longitude":"-104.890720"},"image":{"@type":"ImageObject","height":"20","url":"https://s3.us-east-2.amazonaws.com/coalfire.com/prod/images/coalfire-logo-dark.png","width":"165"},"logo":{"@type":"ImageObject","height":"60","url":"https://assets.coalfire.com/prod/images/transforms/_600x60_fit_center-center_82_none/coalfire-logo-dark.png?mtime=1711569942","width":"495"},"name":"Coalfire","priceRange":"$","sameAs":["https://twitter.com/coalfire","https://www.facebook.com/coalfiresys/","https://www.linkedin.com/company/coalfire-systems-inc-/","https://www.youtube.com/channel/UC94x12L8MJJP70afk6FRrOg"],"telephone":"(877) 224-8077","url":"https://coalfire.com"},{"@id":"https://coalfire.com#creator","@type":"LocalBusiness","address":{"@type":"PostalAddress","addressCountry":"US","addressLocality":"Greenwood Village","addressRegion":"CO","postalCode":"80111","streetAddress":"8480 E Orchard Rd., Suite 5800"},"geo":{"@type":"GeoCoordinates","latitude":"39.607910","longitude":"-104.890720"},"image":{"@type":"ImageObject","height":"20","url":"https://s3.us-east-2.amazonaws.com/coalfire.com/prod/images/coalfire-logo-dark.png","width":"165"},"logo":{"@type":"ImageObject","height":"60","url":"https://assets.coalfire.com/prod/images/transforms/_600x60_fit_center-center_82_none/coalfire-logo-dark.png?mtime=1711569942","width":"495"},"name":"Coalfire","priceRange":"$","telephone":"(877) 224-8077","url":"https://coalfire.com"},{"@type":"BreadcrumbList","description":"Breadcrumbs list","itemListElement":[{"@type":"ListItem","item":"https://coalfire.com/","name":"Home","position":1},{"@type":"ListItem","item":"https://coalfire.com/the-coalfire-blog","name":"Coalfire® Articles","position":2},{"@type":"ListItem","item":"https://coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques","name":"Fuzzing: Common Tools and Techniques","position":3}],"name":"Breadcrumbs"}]}</script></body> </html> <!-- Cached by Blitz on 2025-02-14T22:16:43-05:00 -->

Pages: 1 2 3 4 5 6 7 8 9 10