CAPEC-28: Fuzzing

Abstraction: Meta
Status: Draft
Likelihood: High
Severity: Medium

Description

In this attack pattern, the adversary leverages fuzzing to try to identify weaknesses in the system. Fuzzing is a software security and functionality testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. Fuzzing can help an attacker discover certain assumptions made about user input in the system. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions despite not necessarily knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve their goals.

Related weaknesses: 2

CWE-74, CWE-20

Exploits: 2

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 100% | live
Weakness | Improper Input Validation (cwe-20) | 100% | live

Related by meaning: 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Fuzzing for application mapping
CAPEC: Fuzzing for garnering other adjacent user/sensitive data
CAPEC: Command Injection
CAPEC: Brute Force
CAPEC: Black Box Reverse Engineering
CAPEC: Password Brute Forcing

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.