Gfuzz

Gfuzz is a web application fuzzing environment which combines fine-grained taint analysis on the server-side (using CORE Grasp) with grammar-based analysis. This allows to perform fuzzing tests and accurately detect attacks feeding the grammar analyzer with the executed SQL queries (on the server side) together with security taint marks for each query.

On the GUI the tester has for each executed SQL query (on the server side):

This prototype aids the security tester in the task of determining which alerts raised by the fuzzer are real attacks and for the queries which do not comprise an attack, it allows the tester to reformulate the attack vectors in order to exploit SQL-injection vulnerabilities.