Fuzz testing is a well-established technique for finding bugs and security vulnerabilities in various programming languages where a fuzzer automatically generates, executes and evaluates code with potentially unlimited test cases. This approach has been refined since its inception in the late 1980s and can be used to find relatively sophisticated bugs such as SQL injections and memory issues.

However, fuzz testing has mostly focused on embedded and desktop application testing. In this presentation, we'll take a tour of fuzz testing tools and approaches applied to web applications. This will include how fuzzing can find bugs and vulnerabilities with server-side code written in languages like Java and JavaScript and with RESTful web API services.